urlscan.io logo urlscan.io
SecurityTrails logo

accounts.hgv.it Open in urlscan Pro
199.36.158.100  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://staging.booking.hgv.it/
Effective URL: https://accounts.hgv.it/error?id=e49272b0-23ac-48c7-bb72-7fa4ad4187e0
Submission: On December 18 via automatic, source certstream-suspicious — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 199.36.158.100, located in United States and belongs to FASTLY, US. The main domain is accounts.hgv.it.
TLS certificate: Issued by GTS CA 1D4 on December 5th 2023. Valid for: 3 months.
This is the only time accounts.hgv.it was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 34.160.213.209 396982 (GOOGLE-CL...)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
5 199.36.158.100 54113 (FASTLY)
10 4
Apex Domain
Subdomains		 Transfer
10 hgv.it
staging.booking.hgv.it
api.accounts.hgv.it Failed
accounts.hgv.it
412 KB
10 1
Domain Requested by
5 accounts.hgv.it staging.booking.hgv.it
accounts.hgv.it
3 staging.booking.hgv.it staging.booking.hgv.it
2 api.accounts.hgv.it staging.booking.hgv.it
accounts.hgv.it
10 3

This site contains no links.

Subject Issuer Validity Valid
api.bookingsuedtirol.com
GTS CA 1D4		 2023-12-06 -
2024-03-05		 3 months crt.sh
accounts.hgv.it
GTS CA 1D4		 2023-12-05 -
2024-03-04		 3 months crt.sh
api.accounts.hgv.it
GTS CA 1P5		 2023-12-05 -
2024-03-04		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://accounts.hgv.it/error?id=e49272b0-23ac-48c7-bb72-7fa4ad4187e0
Frame ID: 3614C018C9438E9E42470BBDBE407F4B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HGV Konto

Page URL History Show full URLs

  1. https://staging.booking.hgv.it/ Page URL
  2. https://api.accounts.hgv.it/self-service/login/browser?return_to=https://staging.booking.hgv.it/ HTTP 303
    https://accounts.hgv.it/error?id=e49272b0-23ac-48c7-bb72-7fa4ad4187e0 Page URL

Page Statistics

10
Requests

60 %
HTTPS

33 %
IPv6

1
Domains

3
Subdomains

4
IPs

1
Countries

412 kB
Transfer

1576 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://staging.booking.hgv.it/ Page URL
  2. https://api.accounts.hgv.it/self-service/login/browser?return_to=https://staging.booking.hgv.it/ HTTP 303
    https://accounts.hgv.it/error?id=e49272b0-23ac-48c7-bb72-7fa4ad4187e0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
staging.booking.hgv.it/ 		522 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://staging.booking.hgv.it/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.213.209 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
209.213.160.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e0762b3e4bc14fc0351567f9bfd7010221defcdc5c759c47fc48f73b1a20c4cd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' https://widget.bookingsuedtirol.com; script-src-elem 'self' https://widget.bookingsuedtirol.com; style-src 'self' 'unsafe-inline' https://widget.bookingsuedtirol.com; img-src 'self' blob: data: https://storage.googleapis.com https://easychannel.it https://*.openstreetmap.org https://doc.lts.it; connect-src 'self' https://api.accounts.hgv.it https://nominatim.openstreetmap.org https://storage.googleapis.com https://widget.bookingsuedtirol.com https://api.bookingsuedtirol.com https://tourism.opendatahub.bz.it; frame-src 'self' https://api.trustyou.com https://easychannel.it; font-src 'self'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
522
content-security-policy
default-src 'none'; script-src 'self' https://widget.bookingsuedtirol.com; script-src-elem 'self' https://widget.bookingsuedtirol.com; style-src 'self' 'unsafe-inline' https://widget.bookingsuedtirol.com; img-src 'self' blob: data: https://storage.googleapis.com https://easychannel.it https://*.openstreetmap.org https://doc.lts.it; connect-src 'self' https://api.accounts.hgv.it https://nominatim.openstreetmap.org https://storage.googleapis.com https://widget.bookingsuedtirol.com https://api.bookingsuedtirol.com https://tourism.opendatahub.bz.it; frame-src 'self' https://api.trustyou.com https://easychannel.it; font-src 'self'; frame-ancestors 'self'
content-type
text/html; charset=utf-8
date
Mon, 18 Dec 2023 09:09:29 GMT
etag
"s5uqrmei"
last-modified
Mon, 18 Dec 2023 07:42:58 GMT
referrer-policy
no-referrer
server
Google Frontend
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
x-cloud-trace-context
e510691229f32a122d402e60f292ef5e
x-content-type-options
nosniff
index-LobXo7Dx.js
staging.booking.hgv.it/assets/ 		978 KB
263 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging.booking.hgv.it/assets/index-LobXo7Dx.js
Requested by
Host: staging.booking.hgv.it
URL: https://staging.booking.hgv.it/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.213.209 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
209.213.160.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
22c70535e65dce8398617e7b56b63e7e544d4210e3f14eda5718aa8913bc9b5a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' https://widget.bookingsuedtirol.com; script-src-elem 'self' https://widget.bookingsuedtirol.com; style-src 'self' 'unsafe-inline' https://widget.bookingsuedtirol.com; img-src 'self' blob: data: https://storage.googleapis.com https://easychannel.it https://*.openstreetmap.org https://doc.lts.it; connect-src 'self' https://api.accounts.hgv.it https://nominatim.openstreetmap.org https://storage.googleapis.com https://widget.bookingsuedtirol.com https://api.bookingsuedtirol.com https://tourism.opendatahub.bz.it; frame-src 'self' https://api.trustyou.com https://easychannel.it; font-src 'self'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://staging.booking.hgv.it
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
default-src 'none'; script-src 'self' https://widget.bookingsuedtirol.com; script-src-elem 'self' https://widget.bookingsuedtirol.com; style-src 'self' 'unsafe-inline' https://widget.bookingsuedtirol.com; img-src 'self' blob: data: https://storage.googleapis.com https://easychannel.it https://*.openstreetmap.org https://doc.lts.it; connect-src 'self' https://api.accounts.hgv.it https://nominatim.openstreetmap.org https://storage.googleapis.com https://widget.bookingsuedtirol.com https://api.bookingsuedtirol.com https://tourism.opendatahub.bz.it; frame-src 'self' https://api.trustyou.com https://easychannel.it; font-src 'self'; frame-ancestors 'self'
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
last-modified
Mon, 18 Dec 2023 07:42:58 GMT
server
Google Frontend
date
Mon, 18 Dec 2023 09:09:29 GMT
content-encoding
br
etag
"s5uqrm5rg7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 google, 1.1 google
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
index-8NAysR-y.css
staging.booking.hgv.it/assets/ 		59 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://staging.booking.hgv.it/assets/index-8NAysR-y.css
Requested by
Host: staging.booking.hgv.it
URL: https://staging.booking.hgv.it/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.213.209 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
209.213.160.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
9f433eb39b33400fbb79c1cc4abba0d560b87700df73b9f4d97c0ad2a327ef24
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' https://widget.bookingsuedtirol.com; script-src-elem 'self' https://widget.bookingsuedtirol.com; style-src 'self' 'unsafe-inline' https://widget.bookingsuedtirol.com; img-src 'self' blob: data: https://storage.googleapis.com https://easychannel.it https://*.openstreetmap.org https://doc.lts.it; connect-src 'self' https://api.accounts.hgv.it https://nominatim.openstreetmap.org https://storage.googleapis.com https://widget.bookingsuedtirol.com https://api.bookingsuedtirol.com https://tourism.opendatahub.bz.it; frame-src 'self' https://api.trustyou.com https://easychannel.it; font-src 'self'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://staging.booking.hgv.it
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
default-src 'none'; script-src 'self' https://widget.bookingsuedtirol.com; script-src-elem 'self' https://widget.bookingsuedtirol.com; style-src 'self' 'unsafe-inline' https://widget.bookingsuedtirol.com; img-src 'self' blob: data: https://storage.googleapis.com https://easychannel.it https://*.openstreetmap.org https://doc.lts.it; connect-src 'self' https://api.accounts.hgv.it https://nominatim.openstreetmap.org https://storage.googleapis.com https://widget.bookingsuedtirol.com https://api.bookingsuedtirol.com https://tourism.opendatahub.bz.it; frame-src 'self' https://api.trustyou.com https://easychannel.it; font-src 'self'; frame-ancestors 'self'
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
last-modified
Mon, 18 Dec 2023 07:42:58 GMT
server
Google Frontend
date
Mon, 18 Dec 2023 09:09:29 GMT
content-encoding
br
etag
"s5uqrmb1z"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 google, 1.1 google
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
whoami
api.accounts.hgv.it/sessions/ 		0
0
Primary Request error
accounts.hgv.it/
Redirect Chain
  • https://api.accounts.hgv.it/self-service/login/browser?return_to=https://staging.booking.hgv.it/
  • https://accounts.hgv.it/error?id=e49272b0-23ac-48c7-bb72-7fa4ad4187e0
452 B
807 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.hgv.it/error?id=e49272b0-23ac-48c7-bb72-7fa4ad4187e0
Requested by
Host: staging.booking.hgv.it
URL: https://staging.booking.hgv.it/assets/index-LobXo7Dx.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6092e56f62f5e6e7ca33df956d8f216f18df31e3e4556593e593b4c380571799
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://staging.booking.hgv.it/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
public, max-age=10
content-encoding
br
content-length
178
content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
content-type
text/html; charset=utf-8
date
Mon, 18 Dec 2023 09:09:30 GMT
etag
"49e09158d784ab2e05a7840eea5d0fc87a4de7dafa39f2d304e3fe9d9a873936-br"
last-modified
Tue, 05 Dec 2023 08:49:36 GMT
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff
x-served-by
cache-mxp6942-MXP
x-timer
S1702890571.747998,VS0,VE46

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8376446f9e37525c-MXP
content-length
73
content-type
text/html; charset=utf-8
date
Mon, 18 Dec 2023 09:09:30 GMT
location
https://accounts.hgv.it/error?id=e49272b0-23ac-48c7-bb72-7fa4ad4187e0
ory-network-region
euw
server
cloudflare
vary
Origin,Origin,Cookie
index-2c5daac9.js
accounts.hgv.it/assets/ 		481 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounts.hgv.it/assets/index-2c5daac9.js
Requested by
Host: accounts.hgv.it
URL: https://accounts.hgv.it/error?id=e49272b0-23ac-48c7-bb72-7fa4ad4187e0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8bed27ad91d9e9f411fd5b41e6cb110bc8748c7406ec435f0d1cf76633844c88
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://accounts.hgv.it
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 18 Dec 2023 09:09:30 GMT
x-cache
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
107776
x-served-by
cache-mxp6942-MXP
referrer-policy
no-referrer
last-modified
Tue, 05 Dec 2023 08:49:36 GMT
x-timer
S1702890571.818440,VS0,VE2
etag
"5e079f5141bb9aa64c55c0913a6526f0f97c5ca9044b3efce4d639e8a8b5cf29-br"
vary
x-fh-requested-host, accept-encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
1
index-a9bae3bc.css
accounts.hgv.it/assets/ 		31 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounts.hgv.it/assets/index-a9bae3bc.css
Requested by
Host: accounts.hgv.it
URL: https://accounts.hgv.it/error?id=e49272b0-23ac-48c7-bb72-7fa4ad4187e0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a9bae3bc2c4c0766b06cb148e0ee235a7f2c79d03fdc400daf664e16d3ae341e
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 18 Dec 2023 09:09:30 GMT
x-cache
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
5520
x-served-by
cache-mxp6942-MXP
referrer-policy
no-referrer
last-modified
Tue, 05 Dec 2023 08:49:36 GMT
x-timer
S1702890571.818165,VS0,VE1
etag
"746cb44ed22a7f063897f0dea6d6e4b7abf68af1e22d39788238fa4363fe9601-br"
vary
x-fh-requested-host, accept-encoding
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
1
warning-6c4bcd10.svg
accounts.hgv.it/assets/ 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounts.hgv.it/assets/warning-6c4bcd10.svg
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6c4bcd10c9f9592dfd2690d25d6509c4c3b6eb5a303a24857395b3423c1a5e97
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 18 Dec 2023 09:09:30 GMT
x-cache
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
3897
x-served-by
cache-mxp6940-MXP
referrer-policy
no-referrer
last-modified
Tue, 05 Dec 2023 08:49:36 GMT
x-timer
S1702890571.919566,VS0,VE1
etag
"d622536c1d1d8132f049d734e0d62e00f6e3577d5c1e1784dbce02ca23e6ba99-br"
vary
x-fh-requested-host, accept-encoding
content-type
image/svg+xml
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
1
open-sans-latin-400-normal-b34551ae.woff2
accounts.hgv.it/assets/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://accounts.hgv.it/assets/open-sans-latin-400-normal-b34551ae.woff2
Requested by
Host: accounts.hgv.it
URL: https://accounts.hgv.it/assets/index-a9bae3bc.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://accounts.hgv.it
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
default-src 'none';script-src 'self';script-src-elem 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self' https://api.accounts.hgv.it https://iam.hgvapis.it o179954.ingest.sentry.io;frame-src 'none';font-src 'self';frame-ancestors 'none'
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Mon, 18 Dec 2023 09:09:30 GMT
x-cache
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
16740
x-served-by
cache-mxp6940-MXP
referrer-policy
no-referrer
last-modified
Tue, 05 Dec 2023 08:49:36 GMT
x-timer
S1702890571.920062,VS0,VE1
etag
"a2c052b0f59554b6187d99703b234e6643cc2c5a85cb89a6091d5c709857aa06"
vary
x-fh-requested-host, accept-encoding
content-type
font/woff2
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
1
whoami
api.accounts.hgv.it/sessions/ 		206 B
575 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.accounts.hgv.it/sessions/whoami
Requested by
Host: accounts.hgv.it
URL: https://accounts.hgv.it/assets/index-2c5daac9.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:c7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29765a9f3e26509c88ad465ea7d70d96f66d6760dbdef59562362fec8db4f8b0

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Mon, 18 Dec 2023 09:09:31 GMT
cf-cache-status
DYNAMIC
server
cloudflare
ory-network-region
euw
ory-session-cache-for
60
vary
Origin,Origin,Cookie, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://accounts.hgv.it
access-control-expose-headers
Cache-Control, Expires, Last-Modified, Pragma, Content-Length, Content-Language, Content-Type
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
ory-session-edge-status
MISS
cf-ray
837644744c640e15-MXP
alt-svc
h3=":443"; ma=86400
content-length
206

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.accounts.hgv.it
URL
https://api.accounts.hgv.it/sessions/whoami

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| __REACT_INTL_CONTEXT__

4 Cookies

Domain/Path Name / Value
api.accounts.hgv.it/ Name: __cflb
Value: 04dTofjtHwhfCny3TimBZbgWZXE933GWi7ZBraH9ZD
.api.accounts.hgv.it/ Name: __cf_bm
Value: 4hyiEooC91xyBg_immkC1dDmyNsBruePEJn422YDCZg-1702890570-1-ARKkV5E+i076+hfIhl+54dX04/ibHVMQTj9oV69dx8c60OW3XS3lXA00jAo1d5h3aAbxdk34oIrRvmlMPb3X+7U=
.api.accounts.hgv.it/ Name: _cfuvid
Value: Xx7hwRmG31.SDj.7RigFBfGPMdG29u5Kd9xec.4l_c0-1702890570157-0-604800000
.hgv.it/ Name: csrf_token_08c109866b1aa722ec57d2d3fde7e268e49d5609fdb3e79c4308a4a40d40aaad
Value: AApAF9oerPKJDxyYT939NiiLzZo1/gXITfI2mGGKMFE=

3 Console Messages

Source Level URL
Text
javascript error URL: https://staging.booking.hgv.it/
Message:
Access to XMLHttpRequest at 'https://api.accounts.hgv.it/sessions/whoami' from origin 'https://staging.booking.hgv.it' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.accounts.hgv.it/sessions/whoami
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://api.accounts.hgv.it/sessions/whoami
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self' https://widget.bookingsuedtirol.com; script-src-elem 'self' https://widget.bookingsuedtirol.com; style-src 'self' 'unsafe-inline' https://widget.bookingsuedtirol.com; img-src 'self' blob: data: https://storage.googleapis.com https://easychannel.it https://*.openstreetmap.org https://doc.lts.it; connect-src 'self' https://api.accounts.hgv.it https://nominatim.openstreetmap.org https://storage.googleapis.com https://widget.bookingsuedtirol.com https://api.bookingsuedtirol.com https://tourism.opendatahub.bz.it; frame-src 'self' https://api.trustyou.com https://easychannel.it; font-src 'self'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff