hackerone.com Open in urlscan Pro
2606:4700:4400::6812:24d6 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hackerone.com/reports/1183296
Submission: On October 17 via api (October 17th 2024, 12:39:46 pm UTC) from RU — Scanned from DE

Summary HTTP 39 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 39 HTTP transactions. The main IP is 2606:4700:4400::6812:24d6, located in United States and belongs to CLOUDFLARENET, US. The main domain is hackerone.com. The Cisco Umbrella rank of the primary domain is 140037.
TLS certificate: Issued by DigiCert EV RSA CA G2 on February 23rd 2024. Valid for: a year.

This is the only time hackerone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	2606:4700:440... 2606:4700:4400::6812:24d6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:21f... 2600:9000:21f3:2000:4:4c7d:87c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	52.218.180.129 52.218.180.129	16509 (AMAZON-02) (AMAZON-02)
39	4

31 2606:4700:4400::6812:24d6 (United States)

ASN13335 (CLOUDFLARENET, US)

hackerone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21f3:2000:4:4c7d:87c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

profile-photos.hackerone-user-content.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.218.180.129 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com

hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	hackerone.com hackerone.com — Cisco Umbrella Rank: 140037	3 MB
6	amazonaws.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com — Cisco Umbrella Rank: 792102	2 MB
2	hackerone-user-content.com profile-photos.hackerone-user-content.com — Cisco Umbrella Rank: 884624	9 KB
39	3

	Domain	Requested by
31	hackerone.com	hackerone.com
6	hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
2	profile-photos.hackerone-user-content.com
39	3

This site contains links to these domains. Also see Links.

Domain
www.hackerone.com
www.facebook.com
twitter.com
www.linkedin.com
news.ycombinator.com
www.reddit.com
sifchain.finance
blog.sweepatic.com
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
support.wix.com
docs.hackerone.com

Subject Issuer	Validity	Valid
hackerone.com DigiCert EV RSA CA G2	`2024-02-23` - `2025-03-11`	a year	crt.sh
profile-photos.hackerone-user-content.com Amazon RSA 2048 M02	`2024-03-15` - `2025-04-12`	a year	crt.sh
*.s3-us-west-2.amazonaws.com Amazon RSA 2048 M01	`2024-09-14` - `2025-08-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hackerone.com/reports/1183296
Frame ID: B622176416978E27F2E2267991189D7C
Requests: 55 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sifchain | Report #1183296 - Subdomain Takeover At the Main Domain Of Your Site | HackerOne

Page Statistics

39
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

4891 kB
Transfer

13915 kB
Size

4
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hackerone.com/
Title: Learn more about HackerOne

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fhackerone.com%2Freports%2F1183296

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fhackerone.com%2Freports%2F1183296&text=Subdomain%20Takeover%20At%20the%20Main%20Domain%20Of%20Your%20Site%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https%3A%2F%2Fhackerone.com%2Freports%2F1183296

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fhackerone.com%2Freports%2F1183296&t=Subdomain%20Takeover%20At%20the%20Main%20Domain%20Of%20Your%20Site%20

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fhackerone.com%2Freports%2F1183296&title=Subdomain%20Takeover%20At%20the%20Main%20Domain%20Of%20Your%20Site%20

Search URL Search Domain Scan URL

URL: http://sifchain.finance/
Title: http://sifchain.finance

Search URL Search Domain Scan URL

URL: https://blog.sweepatic.com/subdomain-takeover-principles/
Title: https://blog.sweepatic.com/subdomain-takeover-principles/

Search URL Search Domain Scan URL

URL: https://sifchain.finance/
Title: https://sifchain.finance

Search URL Search Domain Scan URL

URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/mzusnqhv5t6h6cj86ohafyge78lq?response-content-disposition=inline%3B%20filename%3D%22Screenshot_from_2021-05-03_22-56-47.png%22%3B%20filename%2A%3DUTF-8%27%27Screenshot_from_2021-05-03_22-56-47.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTWDIHNIE%2F20241017%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20241017T123944Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMT%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIFVspeOi%2BN1sq3Pgae9EAZFNOs8izZLQ1ZWg5q%2BT4aSPAiEA9QCEI7eTd1FX3D7Tl5rhKqWDkRMB0ITOwwCFjfQdrVoqsQUILRADGgwwMTM2MTkyNzQ4NDkiDNTo39KKUHGHyCPDYSqOBeI0xoaZFc950lYoTUv%2FPtvrW4jWOjAilPiJ5CFaV8TV%2BYyhN8ut3MozHt6QlgiOX4pRbeUaw55X5L%2FPE0WgAjwF7m7tF50syGNt5%2BXPinA8EEvxr7JNI0zskDGNUQDQscYBv3VX%2Bqku3LyfJlvp7SPNu%2F4PPf%2BMG2fx5sCEuK3nI0AxyMAtPNt%2Fm6U%2BPzdwC8B%2FVrXL7y8%2BMLwulesBN9zQZmNEfLxJJZ0xfcoiAkXtXjrNfn63cpQHWjgK3WRCNOpbyikblXVH4Krnp9GpMwmnigKPUiM3d8UWCIw5O%2F3B781B%2FF8%2BB1%2ByphBqMGDCocGY4zQfPYbqLWEUF%2BXmIDujH7pRKE6yFZs8AW8vi62b%2FTbYG304sL3rG7jLdaSwYK82OFeqGZ%2BIzOPmP4OOKK8%2FoWfFDIK%2FwIN1lbm8r%2F8gSMBsfJ26iDxNf29xQjpt49jdB1gGw0L7vZ0aZIYtLxLAlclOAko%2F3I6Jv5lxEhn1ZdaSgwxM4TVd6KOHNWFvrSYI9AVzjxz2uwcgEN8Y2Ek5YLK%2F5FZ%2FocZkKuY5zL4HdKa7NWS7zM0yoOBRUyqwiRAX8qspmZoqG322XAbaGDQgXLO0J8LCjHDXKtvxoJ6nzLhlArlzW3fCkcmIX00IxODygo9ao3nOsseDe4J1NKYl8B%2FDqc4SmbGBz9Oht3yuio5FVFGxvJZ5lnc3Br2SJW5waRoJttaWQvUqhFU040y9FAYQP19ldoGyYj2yHCVzziz%2BZ3lRhMRCcG3RS6CUCD4Bnp5X8%2FMrQk%2FLUs2hMrYbuvynCgopsZeRTiDHUe8I5quwrdhRW72kSr%2Fx4Z%2FNz9FV%2BPMT%2BQmKQH9lqpw7Du0KgB0KYlqT0mhiqa5WRDC658O4BjqxAZuYjNwitlGNjpjoPlU2ygYRzoNKtu1OEJJEkrzqY%2Fq8KrQE1E6KOS8sILTRVZipdgQSj4oOYoc1ZreO9Rx8XYP2eWD6NwvLv98aTVHsYeHP%2FXAgCb2JVkkjOkrfqZgh7fUzJam6mE0fTpeRI9SmPd5ZkGfibCoZoSABJSrXhXcOmWOjXo%2BYZDufc%2FDhfa2xIxWyWhKkQECNaDD4kXbo9%2BRqd2BNCFM52w1cHIXf0eyb1Q%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=e07e5abbef6f2fa79bf5a6aa6e1cd839ebb1e8f559276b98041e4e53e4f69c6a
Title: Download

Search URL Search Domain Scan URL

URL: https://support.wix.com/en/article/connecting-a-subdomain-to-a-site-in-your-wix-account
Title: https://support.wix.com/en/article/connecting-a-subdomain-to-a-site-in-your-wix-account

Search URL Search Domain Scan URL

URL: https://docs.hackerone.com/en/articles/8395706-payments#h_f9880ce12d
Title: Hidden

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions
16 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 1183296 Show response
hackerone.com/reports/ 7 KB
5 KB 282ms
246ms Document
text/html 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/1183296

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916cfc7bd5423aaee3af2f0fb4b9e098c647d0f2f1f2ae9e85ffa5d122288b03

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com 'nonce-meJQiKA90BUN7sYlBDAi2ekNSUjFbkUdhNqfLmDETug=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-store
cf-cache-status: DYNAMIC
cf-ray: 8d405a44aa1dd284-FRA
content-disposition: inline; filename="response.html"
content-encoding: br
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com 'nonce-meJQiKA90BUN7sYlBDAi2ekNSUjFbkUdhNqfLmDETug=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
content-type: text/html; charset=utf-8
date: Thu, 17 Oct 2024 12:39:39 GMT
etag: W/"916cfc7bd5423aaee3af2f0fb4b9e098"
expect-ct: enforce, max-age=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
user-authenticated: false
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-request-id: 56db5e2a-bfc6-4d78-9cfe-9b69412ce27b
x-xss-protection: 1; mode=block

GET
H2 200 main_css-n-6T_do_.css
hackerone.com/assets/static/ 440 KB
72 KB 49ms
48ms Stylesheet
text/css 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/main_css-n-6T_do_.css

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1183296

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

538cb3031d597b9ef5efeea0854e6e1ad4254d6608319397e49ef9aaa828093c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/reports/1183296

Response headers

content-encoding: br
cf-cache-status: HIT
age: 94681
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:39 GMT
date: Thu, 17 Oct 2024 12:39:39 GMT
content-type: text/css
last-modified: Wed, 16 Oct 2024 10:21:04 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a466f88d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 main_js-DsnehVnn.css
hackerone.com/assets/static/ 148 KB
21 KB 61ms
61ms Stylesheet
text/css 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/main_js-DsnehVnn.css

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1183296

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b6a2afb2e2223dfaf0f2c9b6763fdc5277caec765a001e7c5117b7db69b3735

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/reports/1183296

Response headers

content-encoding: br
cf-cache-status: HIT
age: 1124791
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:39 GMT
date: Thu, 17 Oct 2024 12:39:39 GMT
content-type: text/css
last-modified: Fri, 04 Oct 2024 12:12:20 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a466f8cd284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 constants-d61def0046eb84de534d53ef67890b9652d1c82564cb707009dbce98aeee2123.js Show response
hackerone.com/assets/ 103 KB
30 KB 64ms
63ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/constants-d61def0046eb84de534d53ef67890b9652d1c82564cb707009dbce98aeee2123.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1183296

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0138e1b73340d916bddd2a27cae7b2c4ad40154211c81fa3cfd2f6d0ecb4fe0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/reports/1183296

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 3308
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:39 GMT
date: Thu, 17 Oct 2024 12:39:39 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 11:43:42 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a466f8dd284-FRA
accept-ranges: bytes
content-length: 30598
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 main_js-Cj5NwVu4.js Show response
hackerone.com/assets/static/ 3 MB
549 KB 51ms
51ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/main_js-Cj5NwVu4.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1183296

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee31b61d5fb57180c6a66547f962165fc19825613c5a3069a486b4c74526deec

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hackerone.com
Referer: https://hackerone.com/reports/1183296

Response headers

content-encoding: br
cf-cache-status: HIT
age: 11063
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:39 GMT
date: Thu, 17 Oct 2024 12:39:39 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 09:34:39 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a466f8fd284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 vendor-DdvQV1gj.js Show response
hackerone.com/assets/static/ 8 MB
2 MB 28ms
28ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1183296

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f50b642d8fbf281941f156b757a01d5c72578316359774d7a69c3d77b07d727

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hackerone.com
Referer: https://hackerone.com/assets/static/main_js-Cj5NwVu4.js

Response headers

content-encoding: br
cf-cache-status: HIT
age: 11057
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:39 GMT
date: Thu, 17 Oct 2024 12:39:39 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 09:34:38 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a477b1bd284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 graphql Show response
hackerone.com/ 5 KB
1 KB 282ms
280ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50044ecd55c2c23f124c30c0f129cbd696f763381ddeb7ba4ef175a4bce451c7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: other
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: other
content-type: application/json

Response headers

x-request-id: fac33536-a4fe-4227-94d4-e7c18cbb2c44
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"50044ecd55c2c23f124c30c0f129cbd6"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a4faafad284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 graphql Show response
hackerone.com/ 141 B
2 KB 205ms
203ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e2dc32075dacd201748d3160634a6812f1de3a71b0de4b0cf173906b0fe8e15

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: other
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: other
content-type: application/json

Response headers

x-request-id: cb517dfc-eb20-408e-be1e-065904a117e3
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"8e2dc32075dacd201748d3160634a681"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:40 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a4fab01d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 favicon.ico
hackerone.com/ 5 KB
702 B 37ms
36ms Other
image/vnd.microsoft.icon 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba712982ab0d40a72abb893646db62ade35983fc4bdb83abb9a7ebdcd75f569d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/reports/1183296

Response headers

content-encoding: br
cf-cache-status: HIT
age: 1923336
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:40 GMT
date: Thu, 17 Oct 2024 12:39:40 GMT
content-type: image/vnd.microsoft.icon
last-modified: Tue, 24 Sep 2024 20:38:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a4fbb0cd284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 report_page-CNjZpCsl.js Show response
hackerone.com/assets/static/ 532 B
1 KB 34ms
34ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/report_page-CNjZpCsl.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a3d515f5e9433b51138451c69da3e0cf14ec0eaa2046a129ec21e4f6182a09d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hackerone.com
Referer

Response headers

content-encoding: br
cf-cache-status: HIT
age: 11050
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:41 GMT
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 09:34:38 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a5188c6d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 read_reports-i8IWxKvF.js Show response
hackerone.com/assets/static/ 469 B
375 B 49ms
49ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/read_reports-i8IWxKvF.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fd6193f1bd4f90a51bb3d52b2e31113668548cae1fe3efe755de9bb641c648f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hackerone.com
Referer

Response headers

content-encoding: br
cf-cache-status: HIT
age: 11050
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:41 GMT
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 09:34:38 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a5188c9d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 program_health_acknowledgement-CrsFUKG3.js Show response
hackerone.com/assets/static/ 10 KB
2 KB 37ms
37ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/program_health_acknowledgement-CrsFUKG3.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4ec3868386e1428701c36deae157e30cf5629a827417e18c64f5d0508c00b87

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hackerone.com
Referer

Response headers

content-encoding: br
cf-cache-status: HIT
age: 11051
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:41 GMT
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 09:34:38 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a5188cbd284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
DATA 200
OK truncated Show response
/ 671 B
671 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fb693fbb1d981ced832fb08e554758e8c381085db290bf93fe283467dd7f967

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 836 B
836 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c19bedb3afc1b0f667749fb820b49fa0bb1ce9a15f5c8514f506397b4026bde

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 732 B
732 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65400490ce413d527ecc94537aa5fc0fc04f1303efa25d5964fac9826c769455

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 455 B
455 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8a796506b05eade2be3967e15999552d80663166acf246c6a55b46cdc5b9ac12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 250 B
250 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cbe51afb6c301a5fb43e9379fa8556f85128582194e3e7e61b2a59d002811071

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 329 B
329 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f492a8c1bf95c719129c0bb7a71383a4273eb73b2a253299f9b213462a485415

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

POST
H2 200 graphql Show response
hackerone.com/ 397 B
2 KB 271ms
269ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

188b4a8b402d0fecfa5ef1328f588f090d868744b0c42134b56fd44951bd370f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: b763bde9-10b1-480e-b3be-27757867fb9f
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"188b4a8b402d0fecfa5ef1328f588f09"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a51e9c8d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 effra-regular-D_4fK4bl.woff
hackerone.com/assets/static/ 26 KB
26 KB 25ms
24ms Font
application/font-woff 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/effra-regular-D_4fK4bl.woff

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/main_css-n-6T_do_.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hackerone.com
Referer: https://hackerone.com/assets/static/main_css-n-6T_do_.css

Response headers

content-encoding: br
cf-cache-status: HIT
age: 2562920
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:41 GMT
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/font-woff
last-modified: Tue, 17 Sep 2024 19:10:37 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a51fa10d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 effra-medium-BqNDoijG.woff
hackerone.com/assets/static/ 24 KB
24 KB 37ms
37ms Font
application/font-woff 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/effra-medium-BqNDoijG.woff

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/main_css-n-6T_do_.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hackerone.com
Referer: https://hackerone.com/assets/static/main_css-n-6T_do_.css

Response headers

content-encoding: br
cf-cache-status: HIT
age: 1925240
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:41 GMT
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/font-woff
last-modified: Tue, 24 Sep 2024 22:02:54 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a520a14d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
DATA 200
OK truncated
/ 1 KB
1 KB Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc7b85e9777c59d6e9c305bce55eafa1e4194f0dc4ac35d2c72beef126178d3d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
H2 200 1183296.json Show response
hackerone.com/reports/ 8 KB
5 KB 294ms
294ms XHR
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/1183296.json

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eefd7888d205ef6bb589c78e58a13c7dba541866cecbe39cc3f55caa3c2f45cb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

X-CSRF-Token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01

Response headers

x-request-id: 96a5d5ff-7a82-43e4-8281-150ae2cf6a95
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"eefd7888d205ef6bb589c78e58a13c7d"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response.json"
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a53cefbd284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
DATA 200
OK truncated Show response
/ 296 B
296 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fdf44bb7f8f8798a320a5fbec612455934615e4a78dbac00d7e5eb77784fc4e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 264 B
264 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55d759c1c5c06ab6984f11a11fbb7b99b526c874bb3b415ce05e8cae35ced85d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 248 B
248 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5906f41d51b82b25367a86308c08a191ab44f4a256ff4873595a1671ee415a1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

POST
H2 200 graphql Show response
hackerone.com/ 7 KB
4 KB 579ms
575ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cc9d7cc376a3f6e505e789c1d832e34d68a50739fab5a4480e117209cd293a6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: 6cd603d1-1350-47ca-aaf5-ad497d6d55c8
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"6cc9d7cc376a3f6e505e789c1d832e34"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a53df40d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 graphql Show response
hackerone.com/ 5 KB
1 KB 240ms
238ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4d913ffca5791c23a8f83927bc52ac6424413fd262fba5b4fb81677cfc2a9d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: 1b172694-e4ba-4865-b5ec-389fab6a3ae8
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"e4d913ffca5791c23a8f83927bc52ac6"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a53df43d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 participants Show response
hackerone.com/reports/1183296/ 12 KB
5 KB 409ms
409ms XHR
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/1183296/participants

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa01ed8cfbb55b8e628b723996bc31acae650fa5d8e79f82c9a60f43a57ab8e0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

X-CSRF-Token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01

Response headers

x-request-id: 586bac96-b13b-4358-8892-63d89b0e26a8
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"fa01ed8cfbb55b8e628b723996bc31ac"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:42 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response.json"
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a55ac96d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
DATA 200
OK truncated Show response
/ 1 KB
1 KB XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d81e5ad0b39f1d51bed6e0f423deedb15b60dc2602105a73e20e36cba728991c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 233 B
233 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f3a300357853822f4a4fa40b506449aaa15187bb070413fbb98b7f874ad422e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

POST
H2 200 graphql Show response
hackerone.com/ 123 B
2 KB 229ms
228ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a81288669cf9741d926389f89d07e2c3d3cea6dafbe71d66428f5cdf96dc57d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: 566f5e3b-c1d7-43a5-9f34-0173bbb9ffae
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"0a81288669cf9741d926389f89d07e2c"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a55bcb7d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 graphql Show response
hackerone.com/ 4 KB
2 KB 572ms
571ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f257de14c36170342705589049387a2884cf900312fdc040d54918b7739adac6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: d3261316-bb29-4a24-aab1-e1c70296ff3b
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"f257de14c36170342705589049387a28"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:42 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a55bcbad284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 graphql Show response
hackerone.com/ 1 KB
1 KB 422ms
420ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

308156d2b63e3446480d2514f403769a6cf1362531e5ab3d200d3f9886080eca

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: 89d65090-7c23-45e6-9134-7deceb2e9ee1
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"308156d2b63e3446480d2514f403769a"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:42 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a55bcbed284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 graphql Show response
hackerone.com/ 168 B
2 KB 336ms
335ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4236202368f1498173ff26901192bcbc597ca9c0121c26e0baf560c13298faed

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: 2b114e9a-1475-4a60-b9ca-a99d02130abc
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"4236202368f1498173ff26901192bcbc"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:42 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a55bcc2d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 hackerone-UtonlMnF.ttf
hackerone.com/assets/static/ 10 KB
11 KB 34ms
33ms Font
application/octet-stream 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/hackerone-UtonlMnF.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/main_css-n-6T_do_.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hackerone.com
Referer: https://hackerone.com/assets/static/main_css-n-6T_do_.css

Response headers

cf-cache-status: HIT
age: 2562937
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Sun, 17 Nov 2024 12:39:41 GMT
date: Thu, 17 Oct 2024 12:39:41 GMT
content-type: application/octet-stream
last-modified: Tue, 17 Sep 2024 19:10:37 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: public, max-age=2678400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a55cce7d284-FRA
accept-ranges: bytes
content-length: 10596
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 events Show response
hackerone.com/ 32 B
671 B 338ms
336ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/events

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4751646586d363200e083435198e1aabb8b590c03089e5614c4d9096d18edc9d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/json

Response headers

x-request-id: b6f26b80-602d-4e00-a217-2bec4faf79e9
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"4751646586d363200e083435198e1aab"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:42 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a55dd4fd284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
DATA 200
OK truncated Show response
/ 228 B
228 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 27ceec9dab2fc0eb62de1b58d86d9da1434903db718c887853cd36003978595a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 227 B
227 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3c62f48e07aa1f8fd5455a1f81660d985feec5ab9c4859928d1f90444e700b80

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
H2 200 991f7c316ce3d98bfb15895c7535ea637ccdd4b30e65e04419eeb40418ab222c
profile-photos.hackerone-user-content.com/variants/9cmk8yqcws36jyi3o9dhgbfrfrl9/ 3 KB
4 KB 669ms
602ms Image
image/jpeg 2600:9000:21f3:2000:4:4c7d:87c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://profile-photos.hackerone-user-content.com/variants/9cmk8yqcws36jyi3o9dhgbfrfrl9/991f7c316ce3d98bfb15895c7535ea637ccdd4b30e65e04419eeb40418ab222c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2000:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bed79a8154a2037f8d5ea9baee3f3412b3391ac39ff9fea38c3696d9c182e01e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

vary: Accept-Encoding
x-amz-replication-status: COMPLETED
x-amz-version-id: DwDl2Gs7H7hT23ILMl4RT821cCzaXvQw
etag: "a0f7928dfa6a55587c085e241bfb9de9"
via: 1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 3355
x-amz-cf-id: I9T3dwRjT2I2NdZFri7Pmdor1MLAJYrdkDFW4r_hIaeGP2EpG5s9ww==
date: Thu, 17 Oct 2024 12:39:43 GMT
content-type: image/jpeg
last-modified: Wed, 28 Aug 2024 01:40:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256

POST
H2 200 graphql Show response
hackerone.com/ 226 B
2 KB 231ms
231ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9e0612a653a9a7f5ca767e49acb2090ff748a7e757ee07eea1ecce8957dc044

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: e422dc5f-287e-4ed4-b94d-e5872d6a4b19
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"b9e0612a653a9a7f5ca767e49acb2090"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:42 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a57aa61d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 graphql Show response
hackerone.com/ 5 KB
3 KB 342ms
341ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f082f3cd362521768aa17d80f632da404ccff5e268d6cf9486750c40cf2e85

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: cfe7aa37-d1f0-4d87-8272-604d6cc95766
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"78f082f3cd362521768aa17d80f632da"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:42 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a57aa68d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H/1.1 200
OK 2566162fa3350b3517685f353721a248ee79b72e4d5c9b8bb76c9a12340451cb
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/471f5tu8isruu8fmh9h68cbkvpfc/ 8 KB
8 KB 622ms
257ms Image
image/png 52.218.180.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/471f5tu8isruu8fmh9h68cbkvpfc/2566162fa3350b3517685f353721a248ee79b72e4d5c9b8bb76c9a12340451cb?response-content-disposition=inline%3B%20filename%3D%22face.png%22%3B%20filename%2A%3DUTF-8%27%27face.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ46THA4J3%2F20241017%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20241017T123942Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJIMEYCIQD6WSZX8c4JquxaW454qzriaPkLHYEPzF6eS%2B6JG33ufAIhAL0o2Ao8HVJ%2Bnw0T%2ByP12AbwaCRISLaY3VDb7DHAAtfHKrIFCCwQAxoMMDEzNjE5Mjc0ODQ5IgyKR8Nxlo5Jy5iMbVoqjwW7YcaJsddmF4axAtM%2FhLj2inY9rJVl2Vo%2FOdYJsxIilCuau918BpGxjyMY22D55WGqyUpYHp8Gx9YCQqqRsU75o8JOCCYrN1gAr6goWeA9f8R%2Fka1wR9TQDnv60So9RpT82mOiYrkc0boo3M1Yu0KDhd9AiaGWaH0F%2F0e4YbXXnuidQ5JJYTVGdQFyLxwZq3anXh%2BIW1Erna1Jxu7LXom8r57BSN0tURs9DgnKX2w2BcGJ3Z1ES%2ByQ%2B6HT2cZg8IQuCTfjtDJlDmUZ4F889SRvEY8n2CEhdMEgsbUq4Q6TppRcAfWIFuui94lV3JJ9%2FB6XvrjTmreUUhGjcmHCq8FcWNWuoz%2BKJlCUIa3Wix%2BtCnwTPX9iI0NN23plH9ezGocYqYcwORrJ3P5MFQdhTd%2FlHoJqv2kRBWnPpp7eDJlw6CjcpJNcSn0Miqk535EW2c8LvBfj7zHOAAzKWu636fyBevDceEaHs2mOJA%2Fa8xStib4cqEYbLAACTAC2tLGhTyR3XW5JGWWdo55C7wQ%2FriM933Bbm%2B9ch1MzxBwKeXXjIX0wwuyBtsoUk2u8J5%2FxLaycmFaz7ZOoEdZ%2BgljK9aLu0HN3iX8oSM60oUvQ4HEeyS4PkZugWRzZ4zc391WWCnS2%2Bj5Oxjg9v9GWCX6HE9DR22QcFVki%2BUk6oKFzTlAx8UIcrjpiQuaICbmfF3PLrviRilY7%2FxhTEp373d4FToOjouQKCmVJ7yQKkRbctcXaiRa%2FKQtVwQByBeFltzShN4ttQTdZwXoym5ZLuOh59OMxVrKDtSaleLZJtmG3JQ7z%2Bty6bXhP7hil3ObFvY8XgKSBTouCSil25eQYvzCnIvDjeXQDDhxCDyE4jkvzzLN1MLzXw7gGOrABmb6CaWAOtNKNmIFL89RoeahSMXjg%2BgpAU%2FgI%2FSXAdrfavPZB9X65MYEvt7PZ3hjkyE828X1MLuYkYKY6JUS3gVbSbLkWberV5pEIMOfg5e6ga47FhpDsnJKO5WTl8NPYgHs0fBpCTJtrcIUO%2B7dFmVNA6flQ2nUH2Cki5D0kmuIWa3x7caL%2BBa8U6AZ6IBNhtVTfjxGPv0%2FpvQ4jO9nOYvPdGyB0d8eiqo0B3aQIq4o%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=cfcfac5226084f9726c8668b457c611eb77562a3d0fca4126dcee78879168dd3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.218.180.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 70e3f5c5b529be1d3d03c16c46d02fea9bfd72f5098fe295ae5badc447d3e18a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

x-amz-id-2: JC48F/qQNfABk7PljG276cISTZHrsz6rUkm4pRK1PU4DNg32WETWXkBy9BshfoETUyIDoS/xVnk=
x-amz-replication-status: COMPLETED
Cache-Control: private, no-cache, no-store, must-revalidate
ETag: "ddfffd144ac782388fb7d1646f67699d"
x-amz-version-id: OOCURRnkuAhVgRZov2MEHeb4ySC4Og7y
x-amz-request-id: 0M4E0CKKFJV1HFYV
Accept-Ranges: bytes
Content-Length: 7847
Date: Thu, 17 Oct 2024 12:39:43 GMT
Last-Modified: Tue, 27 Aug 2024 23:54:22 GMT
Content-Disposition: inline; filename="face.png"; filename*=UTF-8''face.png
Server: AmazonS3
Content-Type: image/png
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK 991f7c316ce3d98bfb15895c7535ea637ccdd4b30e65e04419eeb40418ab222c
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/cu92uzd533p2gadiihzd9mb9o4zo/ 2 KB
3 KB 660ms
296ms Image
image/jpeg 52.218.180.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/cu92uzd533p2gadiihzd9mb9o4zo/991f7c316ce3d98bfb15895c7535ea637ccdd4b30e65e04419eeb40418ab222c?response-content-disposition=inline%3B%20filename%3D%22PicsArt_05-28-04.46.48.jpg%22%3B%20filename%2A%3DUTF-8%27%27PicsArt_05-28-04.46.48.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ46THA4J3%2F20241017%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20241017T123941Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJIMEYCIQD6WSZX8c4JquxaW454qzriaPkLHYEPzF6eS%2B6JG33ufAIhAL0o2Ao8HVJ%2Bnw0T%2ByP12AbwaCRISLaY3VDb7DHAAtfHKrIFCCwQAxoMMDEzNjE5Mjc0ODQ5IgyKR8Nxlo5Jy5iMbVoqjwW7YcaJsddmF4axAtM%2FhLj2inY9rJVl2Vo%2FOdYJsxIilCuau918BpGxjyMY22D55WGqyUpYHp8Gx9YCQqqRsU75o8JOCCYrN1gAr6goWeA9f8R%2Fka1wR9TQDnv60So9RpT82mOiYrkc0boo3M1Yu0KDhd9AiaGWaH0F%2F0e4YbXXnuidQ5JJYTVGdQFyLxwZq3anXh%2BIW1Erna1Jxu7LXom8r57BSN0tURs9DgnKX2w2BcGJ3Z1ES%2ByQ%2B6HT2cZg8IQuCTfjtDJlDmUZ4F889SRvEY8n2CEhdMEgsbUq4Q6TppRcAfWIFuui94lV3JJ9%2FB6XvrjTmreUUhGjcmHCq8FcWNWuoz%2BKJlCUIa3Wix%2BtCnwTPX9iI0NN23plH9ezGocYqYcwORrJ3P5MFQdhTd%2FlHoJqv2kRBWnPpp7eDJlw6CjcpJNcSn0Miqk535EW2c8LvBfj7zHOAAzKWu636fyBevDceEaHs2mOJA%2Fa8xStib4cqEYbLAACTAC2tLGhTyR3XW5JGWWdo55C7wQ%2FriM933Bbm%2B9ch1MzxBwKeXXjIX0wwuyBtsoUk2u8J5%2FxLaycmFaz7ZOoEdZ%2BgljK9aLu0HN3iX8oSM60oUvQ4HEeyS4PkZugWRzZ4zc391WWCnS2%2Bj5Oxjg9v9GWCX6HE9DR22QcFVki%2BUk6oKFzTlAx8UIcrjpiQuaICbmfF3PLrviRilY7%2FxhTEp373d4FToOjouQKCmVJ7yQKkRbctcXaiRa%2FKQtVwQByBeFltzShN4ttQTdZwXoym5ZLuOh59OMxVrKDtSaleLZJtmG3JQ7z%2Bty6bXhP7hil3ObFvY8XgKSBTouCSil25eQYvzCnIvDjeXQDDhxCDyE4jkvzzLN1MLzXw7gGOrABmb6CaWAOtNKNmIFL89RoeahSMXjg%2BgpAU%2FgI%2FSXAdrfavPZB9X65MYEvt7PZ3hjkyE828X1MLuYkYKY6JUS3gVbSbLkWberV5pEIMOfg5e6ga47FhpDsnJKO5WTl8NPYgHs0fBpCTJtrcIUO%2B7dFmVNA6flQ2nUH2Cki5D0kmuIWa3x7caL%2BBa8U6AZ6IBNhtVTfjxGPv0%2FpvQ4jO9nOYvPdGyB0d8eiqo0B3aQIq4o%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=6802e0f2b101cd3f903c4c3b8e24a93a0bf4d1cd0fd791523ebdc5d39811fb78
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 52.218.180.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 737022bbf245ab8401657b9aca08d22c43ddd7106107630f33305b911f996a55

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

x-amz-id-2: fl0ix1CNm0YOqghvxFBx17lZrUHl9MSY1t4ES/lvCqtQA/TqSJgWPTylZ0bXbjmbidfpbRAdAHQ=
x-amz-replication-status: COMPLETED
Cache-Control: private, no-cache, no-store, must-revalidate
ETag: "c6e68d8e43db337bf6e18547240d6e4b"
x-amz-version-id: svd64X8sSutLSrsiJo_GoGK0gdI3unke
x-amz-request-id: 0M4AGBJ14KSWSQGS
Accept-Ranges: bytes
Content-Length: 1914
Date: Thu, 17 Oct 2024 12:39:43 GMT
Last-Modified: Wed, 28 Aug 2024 13:08:41 GMT
Content-Disposition: inline; filename="PicsArt_05-28-04.46.48.jpg"; filename*=UTF-8''PicsArt_05-28-04.46.48.jpg
Server: AmazonS3
Content-Type: image/jpeg
x-amz-server-side-encryption: AES256

GET
DATA 200
OK truncated Show response
/ 249 B
249 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d929696601027530d25aef9fe88cec0f354722da372643f780f7dd2e8ff3d31

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

POST
H2 200 graphql Show response
hackerone.com/ 337 B
822 B 248ms
247ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08aabe57497baada8425d992ad2cf4e3f6f4aad34ed7177001c683b8613b1fb6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: 43fd3f9d-2674-4733-a867-84b21938d7f8
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"08aabe57497baada8425d992ad2cf4e3"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:42 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a588d18d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 graphql Show response
hackerone.com/ 231 KB
7 KB 1323ms
1318ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a69364055ef2f4c5202bce1ba35b8989c0a754b7a2b6fc1c0cf20cfaab6a294

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: 8cc6bca1-7e28-4b8e-b155-255445ccb9f8
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"1a69364055ef2f4c5202bce1ba35b898"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:43 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a588d1ed284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 graphql Show response
hackerone.com/ 4 KB
4 KB 315ms
313ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52c2b850e7dc2115690dad0211243d2172ca56b10bd219ba474986c112f86d8f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: 3bf62e2f-ae03-4b87-9437-04a36259a1fc
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"52c2b850e7dc2115690dad0211243d21"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:42 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a5a19f7d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
DATA 200
OK truncated Show response
/ 309 B
309 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d60e09ea6cfc3f2f18cc725f9c2c4677995a5e38a54c070cfe4861353cbb145a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

Content-Type: image/svg+xml

GET
H2 200 a11a5f547ea25bb14fce3951b07a50f6288859555c2028feb0c3aad3e1aea36d
profile-photos.hackerone-user-content.com/variants/9cmk8yqcws36jyi3o9dhgbfrfrl9/ 5 KB
6 KB 11ms
11ms Image
image/jpeg 2600:9000:21f3:2000:4:4c7d:87c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://profile-photos.hackerone-user-content.com/variants/9cmk8yqcws36jyi3o9dhgbfrfrl9/a11a5f547ea25bb14fce3951b07a50f6288859555c2028feb0c3aad3e1aea36d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2000:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86a4a88c23520892d189bae652d8c3b62277c058d26618b32bb4b42b3d769559

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

x-amz-version-id: YV55sK4DF4tjL6Hw9lD73C0mQAHvxdg3
etag: "1bd6433140f4960089cbe95bc360cc16"
age: 1385
x-cache: Hit from cloudfront
x-amz-cf-id: -DD6GJiOo___iLOb2zxrPtO3N7Y-sdH_PUBWKvSj9HHz9LdaId5Y1g==
date: Thu, 17 Oct 2024 12:39:43 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2024 22:57:55 GMT
x-amz-replication-status: COMPLETED
via: 1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 5433
x-amz-cf-pop: FRA2-C2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK mzusnqhv5t6h6cj86ohafyge78lq
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/ 835 KB
836 KB 259ms
258ms Image
image/png 52.218.180.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/mzusnqhv5t6h6cj86ohafyge78lq?response-content-disposition=inline%3B%20filename%3D%22Screenshot_from_2021-05-03_22-56-47.png%22%3B%20filename%2A%3DUTF-8%27%27Screenshot_from_2021-05-03_22-56-47.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ2LF2XSAQ%2F20241017%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20241017T123943Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJGMEQCIHb10xS64RI6WRUAoIOj1OHDzqjOE428%2FgoxZyQkLw6gAiAmt4qFP1ayu1FNJ68HzLN0wRJZnsuv%2F%2FlRaisAO%2BQ2RiqxBQgsEAMaDDAxMzYxOTI3NDg0OSIMw3KtqoSLCeo9wnSgKo4F7A3iHqzpdm2pbhkXEVLfcz8wVG9HlR9Qu8In9eunBH%2BYttg%2FpiLC6PUpm3%2BXO2UkYozUaWwTVrKeOl8L5pEj%2Bs4%2BvYvRZ4HsKE66kTj%2FmYTgAv7pXLWuLyAUES34A8%2FvKwhItpA38DVKu0jnz92cCkZt6OaBqTYWWu1PwbOIjRaMBVVP1keN%2F6tGm%2FpQYXBXBmKrjJMFlThx3dlBQ3OgyQgBLK2Sk0WMWlK8WC27MxFEeaosb3KqZC31sAj76WksRHFi5CSYBUrE6g1ugXfd7QSuPPXV5ZXoPy%2B%2FgE8kEEr5d5UMngc6aXbTwJ%2Bny9XyDJGPPKjaBBkercjxZicheuR0V1eF73v%2Ffo3cZEeaJ8IvnDOpD5vEFRu8f0%2B1LtJRd29BRhzujmcDpWHVuMwtNh8wkRWq9lMnzb5TBdhVFHaaeC3A3etIMy%2FxmuY3T5QS2yrOHY4kIysL3WuvFyy2bYJQ%2B65%2BRdJU5xKEO%2FRheo68xvCHgxKSd276bsIB%2F0xfo4lBFIH9H65ZJmj8nT4DhTj4VAW7GLLTETVgL4u3ZdUB4xl%2B9XMKWC3zJNPOBdXoj30EtXcHd6laBhXVSVRt41GVMpFLacy7JyB3wdB6GX%2FAAYbeqvFnhIy%2FzQHFhZSi%2BgRqe9pai3MV9nT7Q0Zw0XGGI%2BnjIiYOY2ELXivVutS7lGxoGvtppuevYV3gD%2BX4gJ2CeSN%2Fo1e8pLSY4e02BLd9Ocfds4ALPtdOiSrIpGoxWwcBNtzSOCefrEBy4tGb7RiTicRLzG1JWX5TBPmCsepGYvsAgJhpszMIcHkWkdbuOyS7cn9%2FGsIX6CHrUKjbi4Sg4W6%2FQA%2B5Bl2g%2F9uzaND4IG3t%2Fwx2JnQHjv1TMI7Ww7gGOrIBNWUiEDqylH9HtABJBRqhyqa%2FpEvGKyd9K8P5c1i2LqjCwfdAJugQyTud%2B7b8Vr3tM8VuBsvS5Fy%2Fh9rXRNmB7qrX0dmeYFFPWnU0QdZTsgoQmHzdIFM%2FomK7HEeVvcac%2BpPGk5V5QEEpey4wi9IR5a1GFrtszbvoAWrhCMRbbtvwt4wrhejwAU%2Bkwt7UBF4pebi07%2BZuL6c7YAlelBDLht1hfYxDXboG3Xr%2Bb0UTvtpl1Q%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=ed1035a91698e4c05ccd368e59532444fee144afc8e9c12a13abbdc664cc9a39
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 52.218.180.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7111b507112a1bd7ca4faeb4a1fcb8bf81e6f9baab3629630638d3def42dbae9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

x-amz-id-2: zC1RJxYKcM/w72pYNqwKj7LA9FupObjCN/yxfVgYRtCWT63yE7QxrIpa/yYtkwmk9wV9NHxLE5I=
x-amz-replication-status: COMPLETED
Cache-Control: private, no-cache, no-store, must-revalidate
ETag: "9ad5ae4ec854d838f41b25c3f5f3a5ed"
x-amz-version-id: EmKWPETO16i27OflLwwfTX75vMgWOb10
x-amz-request-id: JSR6231S22MWJ3BM
Accept-Ranges: bytes
Content-Length: 854901
Date: Thu, 17 Oct 2024 12:39:44 GMT
Last-Modified: Mon, 03 May 2021 20:57:14 GMT
Content-Disposition: inline; filename="Screenshot_from_2021-05-03_22-56-47.png"; filename*=UTF-8''Screenshot_from_2021-05-03_22-56-47.png
Server: AmazonS3
Content-Type: image/png
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK 2daf6d0b2e2d8aa9085fc68fc00d6512a588646c7fa4c97e4ba2b62874800d17
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/471f5tu8isruu8fmh9h68cbkvpfc/ 12 KB
13 KB 221ms
221ms Image
image/png 52.218.180.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/471f5tu8isruu8fmh9h68cbkvpfc/2daf6d0b2e2d8aa9085fc68fc00d6512a588646c7fa4c97e4ba2b62874800d17?response-content-disposition=inline%3B%20filename%3D%22face.png%22%3B%20filename%2A%3DUTF-8%27%27face.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ2LF2XSAQ%2F20241017%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20241017T123943Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJGMEQCIHb10xS64RI6WRUAoIOj1OHDzqjOE428%2FgoxZyQkLw6gAiAmt4qFP1ayu1FNJ68HzLN0wRJZnsuv%2F%2FlRaisAO%2BQ2RiqxBQgsEAMaDDAxMzYxOTI3NDg0OSIMw3KtqoSLCeo9wnSgKo4F7A3iHqzpdm2pbhkXEVLfcz8wVG9HlR9Qu8In9eunBH%2BYttg%2FpiLC6PUpm3%2BXO2UkYozUaWwTVrKeOl8L5pEj%2Bs4%2BvYvRZ4HsKE66kTj%2FmYTgAv7pXLWuLyAUES34A8%2FvKwhItpA38DVKu0jnz92cCkZt6OaBqTYWWu1PwbOIjRaMBVVP1keN%2F6tGm%2FpQYXBXBmKrjJMFlThx3dlBQ3OgyQgBLK2Sk0WMWlK8WC27MxFEeaosb3KqZC31sAj76WksRHFi5CSYBUrE6g1ugXfd7QSuPPXV5ZXoPy%2B%2FgE8kEEr5d5UMngc6aXbTwJ%2Bny9XyDJGPPKjaBBkercjxZicheuR0V1eF73v%2Ffo3cZEeaJ8IvnDOpD5vEFRu8f0%2B1LtJRd29BRhzujmcDpWHVuMwtNh8wkRWq9lMnzb5TBdhVFHaaeC3A3etIMy%2FxmuY3T5QS2yrOHY4kIysL3WuvFyy2bYJQ%2B65%2BRdJU5xKEO%2FRheo68xvCHgxKSd276bsIB%2F0xfo4lBFIH9H65ZJmj8nT4DhTj4VAW7GLLTETVgL4u3ZdUB4xl%2B9XMKWC3zJNPOBdXoj30EtXcHd6laBhXVSVRt41GVMpFLacy7JyB3wdB6GX%2FAAYbeqvFnhIy%2FzQHFhZSi%2BgRqe9pai3MV9nT7Q0Zw0XGGI%2BnjIiYOY2ELXivVutS7lGxoGvtppuevYV3gD%2BX4gJ2CeSN%2Fo1e8pLSY4e02BLd9Ocfds4ALPtdOiSrIpGoxWwcBNtzSOCefrEBy4tGb7RiTicRLzG1JWX5TBPmCsepGYvsAgJhpszMIcHkWkdbuOyS7cn9%2FGsIX6CHrUKjbi4Sg4W6%2FQA%2B5Bl2g%2F9uzaND4IG3t%2Fwx2JnQHjv1TMI7Ww7gGOrIBNWUiEDqylH9HtABJBRqhyqa%2FpEvGKyd9K8P5c1i2LqjCwfdAJugQyTud%2B7b8Vr3tM8VuBsvS5Fy%2Fh9rXRNmB7qrX0dmeYFFPWnU0QdZTsgoQmHzdIFM%2FomK7HEeVvcac%2BpPGk5V5QEEpey4wi9IR5a1GFrtszbvoAWrhCMRbbtvwt4wrhejwAU%2Bkwt7UBF4pebi07%2BZuL6c7YAlelBDLht1hfYxDXboG3Xr%2Bb0UTvtpl1Q%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=e234a67545bad4b42bf9824a036a23dfe0a0ddbeb3289c2837f680585c5e908f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.218.180.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 02bc4f619479273289229ea8b1ee63bf64b2e89d836f6992abad2f2b43a021c8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

x-amz-id-2: YyR2hOeCwXOwaYSPmZdof6+GTS+i8n6DNsuoHKUqas41xn8prAJLQwgM2ELJsdYw0sK+GmvJqxg=
x-amz-replication-status: COMPLETED
Cache-Control: private, no-cache, no-store, must-revalidate
ETag: "d41d1ad5ca96e2087f7b2f7b610f5120"
x-amz-version-id: PEf01NHrNon17B8JRWjyQE5aKFS4unIK
x-amz-request-id: JSR88R8CECB411BF
Accept-Ranges: bytes
Content-Length: 12551
Date: Thu, 17 Oct 2024 12:39:44 GMT
Last-Modified: Tue, 27 Aug 2024 23:14:59 GMT
Content-Disposition: inline; filename="face.png"; filename*=UTF-8''face.png
Server: AmazonS3
Content-Type: image/png
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK 2daf6d0b2e2d8aa9085fc68fc00d6512a588646c7fa4c97e4ba2b62874800d17
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/z1ny3k7xwgk5401qu9wb2hfep9bs/ 15 KB
16 KB 433ms
209ms Image
image/png 52.218.180.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/z1ny3k7xwgk5401qu9wb2hfep9bs/2daf6d0b2e2d8aa9085fc68fc00d6512a588646c7fa4c97e4ba2b62874800d17?response-content-disposition=inline%3B%20filename%3D%22logo.png%22%3B%20filename%2A%3DUTF-8%27%27logo.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ2LF2XSAQ%2F20241017%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20241017T123943Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJGMEQCIHb10xS64RI6WRUAoIOj1OHDzqjOE428%2FgoxZyQkLw6gAiAmt4qFP1ayu1FNJ68HzLN0wRJZnsuv%2F%2FlRaisAO%2BQ2RiqxBQgsEAMaDDAxMzYxOTI3NDg0OSIMw3KtqoSLCeo9wnSgKo4F7A3iHqzpdm2pbhkXEVLfcz8wVG9HlR9Qu8In9eunBH%2BYttg%2FpiLC6PUpm3%2BXO2UkYozUaWwTVrKeOl8L5pEj%2Bs4%2BvYvRZ4HsKE66kTj%2FmYTgAv7pXLWuLyAUES34A8%2FvKwhItpA38DVKu0jnz92cCkZt6OaBqTYWWu1PwbOIjRaMBVVP1keN%2F6tGm%2FpQYXBXBmKrjJMFlThx3dlBQ3OgyQgBLK2Sk0WMWlK8WC27MxFEeaosb3KqZC31sAj76WksRHFi5CSYBUrE6g1ugXfd7QSuPPXV5ZXoPy%2B%2FgE8kEEr5d5UMngc6aXbTwJ%2Bny9XyDJGPPKjaBBkercjxZicheuR0V1eF73v%2Ffo3cZEeaJ8IvnDOpD5vEFRu8f0%2B1LtJRd29BRhzujmcDpWHVuMwtNh8wkRWq9lMnzb5TBdhVFHaaeC3A3etIMy%2FxmuY3T5QS2yrOHY4kIysL3WuvFyy2bYJQ%2B65%2BRdJU5xKEO%2FRheo68xvCHgxKSd276bsIB%2F0xfo4lBFIH9H65ZJmj8nT4DhTj4VAW7GLLTETVgL4u3ZdUB4xl%2B9XMKWC3zJNPOBdXoj30EtXcHd6laBhXVSVRt41GVMpFLacy7JyB3wdB6GX%2FAAYbeqvFnhIy%2FzQHFhZSi%2BgRqe9pai3MV9nT7Q0Zw0XGGI%2BnjIiYOY2ELXivVutS7lGxoGvtppuevYV3gD%2BX4gJ2CeSN%2Fo1e8pLSY4e02BLd9Ocfds4ALPtdOiSrIpGoxWwcBNtzSOCefrEBy4tGb7RiTicRLzG1JWX5TBPmCsepGYvsAgJhpszMIcHkWkdbuOyS7cn9%2FGsIX6CHrUKjbi4Sg4W6%2FQA%2B5Bl2g%2F9uzaND4IG3t%2Fwx2JnQHjv1TMI7Ww7gGOrIBNWUiEDqylH9HtABJBRqhyqa%2FpEvGKyd9K8P5c1i2LqjCwfdAJugQyTud%2B7b8Vr3tM8VuBsvS5Fy%2Fh9rXRNmB7qrX0dmeYFFPWnU0QdZTsgoQmHzdIFM%2FomK7HEeVvcac%2BpPGk5V5QEEpey4wi9IR5a1GFrtszbvoAWrhCMRbbtvwt4wrhejwAU%2Bkwt7UBF4pebi07%2BZuL6c7YAlelBDLht1hfYxDXboG3Xr%2Bb0UTvtpl1Q%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=6bd73121d512d7002b579382193d6f17ef6ab6c518ce65bc531fcca00c1727df
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.218.180.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: acc30126368d62824fd96e0a1802b5837a5b10506fb8fe10d335fba76afe0aa2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

x-amz-id-2: 17OJnJFq2vPoFN5hH1L1BEHjBN83bVyCd+3yOIG1mvD2Gk8O27IKAWnxX2idkN7ajLlnRY3lcbQ=
x-amz-replication-status: COMPLETED
Cache-Control: private, no-cache, no-store, must-revalidate
ETag: "d0e0b0f47345ca14fbabcb35f190fec6"
x-amz-version-id: _SS8KJQ4ga3iRfG5hv.tOP3Qkeo0Mx7h
x-amz-request-id: JSR0M4JW8M4QB71V
Accept-Ranges: bytes
Content-Length: 15699
Date: Thu, 17 Oct 2024 12:39:44 GMT
Last-Modified: Tue, 27 Aug 2024 22:54:36 GMT
Content-Disposition: inline; filename="logo.png"; filename*=UTF-8''logo.png
Server: AmazonS3
Content-Type: image/png
x-amz-server-side-encryption: AES256

POST
H2 200 graphql Show response
hackerone.com/ 7 KB
5 KB 787ms
785ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-DdvQV1gj.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36407abde998991aba9eb1925f1c2afa49fd25eab66935fe16994a7c877809f1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-product-area: reports
x-csrf-token: euoTMkPoKYUX5w3R9nS2VU6m8bUgvG9BJnKiXNVPMIsnyv9RUVvYhiyVhYm61rBY7NInyRMGgaRNaEQDTb3Elg==
Referer: https://hackerone.com/reports/1183296
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: */*
x-product-feature: details
content-type: application/json

Response headers

x-request-id: fffd3b9e-b6fc-42bc-8d1e-a1ac642567a9
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"36407abde998991aba9eb1925f1c2afa"
expect-ct: enforce, max-age=86400
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 17 Oct 2024 12:39:44 GMT
content-type: application/json; charset=utf-8
content-disposition: inline; filename="response."
vary: Accept
x-frame-options: DENY
user-authenticated: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8d405a61e890d284-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H/1.1 200
OK mzusnqhv5t6h6cj86ohafyge78lq
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/ 835 KB
836 KB 203ms
203ms Image
image/png 52.218.180.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/mzusnqhv5t6h6cj86ohafyge78lq?response-content-disposition=inline%3B%20filename%3D%22Screenshot_from_2021-05-03_22-56-47.png%22%3B%20filename%2A%3DUTF-8%27%27Screenshot_from_2021-05-03_22-56-47.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTWDIHNIE%2F20241017%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20241017T123944Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMT%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIFVspeOi%2BN1sq3Pgae9EAZFNOs8izZLQ1ZWg5q%2BT4aSPAiEA9QCEI7eTd1FX3D7Tl5rhKqWDkRMB0ITOwwCFjfQdrVoqsQUILRADGgwwMTM2MTkyNzQ4NDkiDNTo39KKUHGHyCPDYSqOBeI0xoaZFc950lYoTUv%2FPtvrW4jWOjAilPiJ5CFaV8TV%2BYyhN8ut3MozHt6QlgiOX4pRbeUaw55X5L%2FPE0WgAjwF7m7tF50syGNt5%2BXPinA8EEvxr7JNI0zskDGNUQDQscYBv3VX%2Bqku3LyfJlvp7SPNu%2F4PPf%2BMG2fx5sCEuK3nI0AxyMAtPNt%2Fm6U%2BPzdwC8B%2FVrXL7y8%2BMLwulesBN9zQZmNEfLxJJZ0xfcoiAkXtXjrNfn63cpQHWjgK3WRCNOpbyikblXVH4Krnp9GpMwmnigKPUiM3d8UWCIw5O%2F3B781B%2FF8%2BB1%2ByphBqMGDCocGY4zQfPYbqLWEUF%2BXmIDujH7pRKE6yFZs8AW8vi62b%2FTbYG304sL3rG7jLdaSwYK82OFeqGZ%2BIzOPmP4OOKK8%2FoWfFDIK%2FwIN1lbm8r%2F8gSMBsfJ26iDxNf29xQjpt49jdB1gGw0L7vZ0aZIYtLxLAlclOAko%2F3I6Jv5lxEhn1ZdaSgwxM4TVd6KOHNWFvrSYI9AVzjxz2uwcgEN8Y2Ek5YLK%2F5FZ%2FocZkKuY5zL4HdKa7NWS7zM0yoOBRUyqwiRAX8qspmZoqG322XAbaGDQgXLO0J8LCjHDXKtvxoJ6nzLhlArlzW3fCkcmIX00IxODygo9ao3nOsseDe4J1NKYl8B%2FDqc4SmbGBz9Oht3yuio5FVFGxvJZ5lnc3Br2SJW5waRoJttaWQvUqhFU040y9FAYQP19ldoGyYj2yHCVzziz%2BZ3lRhMRCcG3RS6CUCD4Bnp5X8%2FMrQk%2FLUs2hMrYbuvynCgopsZeRTiDHUe8I5quwrdhRW72kSr%2Fx4Z%2FNz9FV%2BPMT%2BQmKQH9lqpw7Du0KgB0KYlqT0mhiqa5WRDC658O4BjqxAZuYjNwitlGNjpjoPlU2ygYRzoNKtu1OEJJEkrzqY%2Fq8KrQE1E6KOS8sILTRVZipdgQSj4oOYoc1ZreO9Rx8XYP2eWD6NwvLv98aTVHsYeHP%2FXAgCb2JVkkjOkrfqZgh7fUzJam6mE0fTpeRI9SmPd5ZkGfibCoZoSABJSrXhXcOmWOjXo%2BYZDufc%2FDhfa2xIxWyWhKkQECNaDD4kXbo9%2BRqd2BNCFM52w1cHIXf0eyb1Q%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=e07e5abbef6f2fa79bf5a6aa6e1cd839ebb1e8f559276b98041e4e53e4f69c6a
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 52.218.180.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7111b507112a1bd7ca4faeb4a1fcb8bf81e6f9baab3629630638d3def42dbae9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://hackerone.com/

Response headers

x-amz-id-2: clminU6w0Gj0UtyrB0n2irtgMs+nYd4ITAiTAAEhpIumcvZEzNcTXUkZn/GiWDeTF8MhOMjZ7i4=
x-amz-replication-status: COMPLETED
Cache-Control: private, no-cache, no-store, must-revalidate
ETag: "9ad5ae4ec854d838f41b25c3f5f3a5ed"
x-amz-version-id: EmKWPETO16i27OflLwwfTX75vMgWOb10
x-amz-request-id: 1CG63R7Y9C6M0CR1
Accept-Ranges: bytes
Content-Length: 854901
Date: Thu, 17 Oct 2024 12:39:46 GMT
Last-Modified: Mon, 03 May 2021 20:57:14 GMT
Content-Disposition: inline; filename="Screenshot_from_2021-05-03_22-56-47.png"; filename*=UTF-8''Screenshot_from_2021-05-03_22-56-47.png
Server: AmazonS3
Content-Type: image/png
x-amz-server-side-encryption: AES256

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hackerone.com/	1970-01-21 09:05:04	Name: h1_device_id Value: 687778fa-2d8f-4936-b755-58ee9e6b5128
.hackerone.com/	1969-12-31 23:59:59	Name: _cfuvid Value: KnIxtt3AvLsitRRMGb3YFUo0kQLKbN8Y7TJA2SwMM0s-1729168779225-0.0.1.1-604800000
hackerone.com/	1970-01-21 00:39:38	Name: __Host-session Value: TlZtV0N4UGRSaEtjTk9OV0dSbWo5RzlmR0J6OEVDZmhsOFdMN0ZwelBOVVlBSjFWZWJzb090dngybFNTMGdDdVA2K2x4WUs0bUpKTitqUkhDMVY1MGZvNVRtbnNLYjFiS045bjZkdUgwWU8reERsMHljaFBwNWhrT0VBczUrZXBsNE8zbjFpZWpseGd0YTIyQUdGamNpOVJzTU1CbEMvT2w1R1ZaNkl6anRHei9JL05iQ3NWbnkvWFU5eW1QL00yY3NBc2NiTzY0MTIvQ3lIVlVndWlraHBveG9OM0tkWWRxSklUUjRtaFAxbThEMTlsWGJtZ3orbXdvdkV0c3lCY1BWc0Q4eElaanpOM2lWMGFGZ2NhWFJXTit2Z3hBTERrYnlvRnE0WDBZMmM9LS1hV1lnRmgvQ0wxVnNFVkhFc05kNUxRPT0%3D--7beec2b28b73c5ef46ce256338104ef889f1f84c
hackerone.com/	1970-01-21 00:19:29	Name: _dd_s Value: rum=0&expire=1729169681048

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self' www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io messenger-apps.intercom.io/statuspage/view_status js.intercomcdn.com; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com 'nonce-meJQiKA90BUN7sYlBDAi2ekNSUjFbkUdhNqfLmDETug=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
hackerone.com
profile-photos.hackerone-user-content.com
2600:9000:21f3:2000:4:4c7d:87c0:93a1
2606:4700:4400::6812:24d6
52.218.180.129
02bc4f619479273289229ea8b1ee63bf64b2e89d836f6992abad2f2b43a021c8
08aabe57497baada8425d992ad2cf4e3f6f4aad34ed7177001c683b8613b1fb6
0a81288669cf9741d926389f89d07e2c3d3cea6dafbe71d66428f5cdf96dc57d
0fb693fbb1d981ced832fb08e554758e8c381085db290bf93fe283467dd7f967
188b4a8b402d0fecfa5ef1328f588f090d868744b0c42134b56fd44951bd370f
1a69364055ef2f4c5202bce1ba35b8989c0a754b7a2b6fc1c0cf20cfaab6a294
27ceec9dab2fc0eb62de1b58d86d9da1434903db718c887853cd36003978595a
2f3a300357853822f4a4fa40b506449aaa15187bb070413fbb98b7f874ad422e
2fd6193f1bd4f90a51bb3d52b2e31113668548cae1fe3efe755de9bb641c648f
308156d2b63e3446480d2514f403769a6cf1362531e5ab3d200d3f9886080eca
36407abde998991aba9eb1925f1c2afa49fd25eab66935fe16994a7c877809f1
3c62f48e07aa1f8fd5455a1f81660d985feec5ab9c4859928d1f90444e700b80
4236202368f1498173ff26901192bcbc597ca9c0121c26e0baf560c13298faed
447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89
4751646586d363200e083435198e1aabb8b590c03089e5614c4d9096d18edc9d
50044ecd55c2c23f124c30c0f129cbd696f763381ddeb7ba4ef175a4bce451c7
52c2b850e7dc2115690dad0211243d2172ca56b10bd219ba474986c112f86d8f
538cb3031d597b9ef5efeea0854e6e1ad4254d6608319397e49ef9aaa828093c
55d759c1c5c06ab6984f11a11fbb7b99b526c874bb3b415ce05e8cae35ced85d
65400490ce413d527ecc94537aa5fc0fc04f1303efa25d5964fac9826c769455
6cc9d7cc376a3f6e505e789c1d832e34d68a50739fab5a4480e117209cd293a6
70e3f5c5b529be1d3d03c16c46d02fea9bfd72f5098fe295ae5badc447d3e18a
7111b507112a1bd7ca4faeb4a1fcb8bf81e6f9baab3629630638d3def42dbae9
737022bbf245ab8401657b9aca08d22c43ddd7106107630f33305b911f996a55
78f082f3cd362521768aa17d80f632da404ccff5e268d6cf9486750c40cf2e85
7a3d515f5e9433b51138451c69da3e0cf14ec0eaa2046a129ec21e4f6182a09d
7d929696601027530d25aef9fe88cec0f354722da372643f780f7dd2e8ff3d31
86a4a88c23520892d189bae652d8c3b62277c058d26618b32bb4b42b3d769559
8a796506b05eade2be3967e15999552d80663166acf246c6a55b46cdc5b9ac12
8b6a2afb2e2223dfaf0f2c9b6763fdc5277caec765a001e7c5117b7db69b3735
8c19bedb3afc1b0f667749fb820b49fa0bb1ce9a15f5c8514f506397b4026bde
8e2dc32075dacd201748d3160634a6812f1de3a71b0de4b0cf173906b0fe8e15
8f50b642d8fbf281941f156b757a01d5c72578316359774d7a69c3d77b07d727
8fdf44bb7f8f8798a320a5fbec612455934615e4a78dbac00d7e5eb77784fc4e
916cfc7bd5423aaee3af2f0fb4b9e098c647d0f2f1f2ae9e85ffa5d122288b03
93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c
a0138e1b73340d916bddd2a27cae7b2c4ad40154211c81fa3cfd2f6d0ecb4fe0
a4ec3868386e1428701c36deae157e30cf5629a827417e18c64f5d0508c00b87
a5906f41d51b82b25367a86308c08a191ab44f4a256ff4873595a1671ee415a1
ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b
acc30126368d62824fd96e0a1802b5837a5b10506fb8fe10d335fba76afe0aa2
b9e0612a653a9a7f5ca767e49acb2090ff748a7e757ee07eea1ecce8957dc044
ba712982ab0d40a72abb893646db62ade35983fc4bdb83abb9a7ebdcd75f569d
bc7b85e9777c59d6e9c305bce55eafa1e4194f0dc4ac35d2c72beef126178d3d
bed79a8154a2037f8d5ea9baee3f3412b3391ac39ff9fea38c3696d9c182e01e
cbe51afb6c301a5fb43e9379fa8556f85128582194e3e7e61b2a59d002811071
d60e09ea6cfc3f2f18cc725f9c2c4677995a5e38a54c070cfe4861353cbb145a
d81e5ad0b39f1d51bed6e0f423deedb15b60dc2602105a73e20e36cba728991c
e4d913ffca5791c23a8f83927bc52ac6424413fd262fba5b4fb81677cfc2a9d3
ee31b61d5fb57180c6a66547f962165fc19825613c5a3069a486b4c74526deec
eefd7888d205ef6bb589c78e58a13c7dba541866cecbe39cc3f55caa3c2f45cb
f257de14c36170342705589049387a2884cf900312fdc040d54918b7739adac6
f492a8c1bf95c719129c0bb7a71383a4273eb73b2a253299f9b213462a485415
fa01ed8cfbb55b8e628b723996bc31acae650fa5d8e79f82c9a60f43a57ab8e0

hackerone.com Open in urlscan Pro 2606:4700:4400::6812:24d6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

39 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

4891 kBTransfer

13915 kBSize

4 Cookies

12 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 16 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hackerone.com Open in urlscan Pro
2606:4700:4400::6812:24d6 Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

4891 kB
Transfer

13915 kB
Size

4
Cookies

39 HTTP transactions
16 data transactions