urlscan.io logo urlscan.io
SecurityTrails logo

app.holded.com Open in urlscan Pro
2606:4700:10::6816:4393  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.holded.com/
Effective URL: https://app.holded.com/
Submission: On March 12 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 2 countries across 12 domains to perform 57 HTTP transactions. The main IP is 2606:4700:10::6816:4393, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.holded.com.
TLS certificate: Issued by E1 on March 3rd 2024. Valid for: 3 months.
This is the only time app.holded.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 30 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
10 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.224.189.18 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 34.120.195.249 396982 (GOOGLE-CL...)
3 18.245.46.55 16509 (AMAZON-02)
1 52.222.206.118 16509 (AMAZON-02)
2 54.236.234.143 14618 (AMAZON-AES)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 44.237.248.61 16509 (AMAZON-02)
57 14
30    2606:4700:10::6816:4393 (United States)

ASN13335 (CLOUDFLARENET, US)
app.holded.com
1    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
1    2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
10    2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
1    13.224.189.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-18.fra2.r.cloudfront.net
widget.intercom.io
1    2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
2    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o448960.ingest.sentry.io
3    18.245.46.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-55.fra56.r.cloudfront.net
js.intercomcdn.com
1    52.222.206.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-118.fra56.r.cloudfront.net
cdn.amplitude.com
2    54.236.234.143 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-234-143.compute-1.amazonaws.com
api-iam.intercom.io
1    2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
2    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    44.237.248.61 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-237-248-61.us-west-2.compute.amazonaws.com
api2.amplitude.com
Apex Domain
Subdomains		 Transfer
30 holded.com
app.holded.com
3 MB
10 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 334
186 KB
3 amplitude.com
cdn.amplitude.com — Cisco Umbrella Rank: 2700
api2.amplitude.com — Cisco Umbrella Rank: 1196
18 KB
3 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 2000
300 KB
3 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 1628
api-iam.intercom.io — Cisco Umbrella Rank: 1963
9 KB
2 gstatic.com
fonts.gstatic.com
32 KB
2 sentry.io
o448960.ingest.sentry.io
571 B
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 541
303 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 310
11 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
118 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 788
7 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
1 KB
57 12
Domain Requested by
30 app.holded.com 1 redirects app.holded.com
10 cdn.cookielaw.org www.googletagmanager.com
app.holded.com
cdn.cookielaw.org
3 js.intercomcdn.com widget.intercom.io
js.intercomcdn.com
2 api2.amplitude.com app.holded.com
2 fonts.gstatic.com fonts.googleapis.com
2 api-iam.intercom.io js.intercomcdn.com
2 o448960.ingest.sentry.io app.holded.com
1 geolocation.onetrust.com app.holded.com
1 cdn.amplitude.com cdn.jsdelivr.net
1 cdn.jsdelivr.net www.googletagmanager.com
1 widget.intercom.io www.googletagmanager.com
1 www.googletagmanager.com app.holded.com
1 static.cloudflareinsights.com app.holded.com
1 fonts.googleapis.com app.holded.com
57 14

This site contains links to these domains. Also see Links.

Domain
www.holded.com
cookiepedia.co.uk
www.onetrust.com
Subject Issuer Validity Valid
holded.com
E1		 2024-03-03 -
2024-06-01		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-02-19 -
2024-05-13		 3 months crt.sh
cloudflareinsights.com
GTS CA 1P5		 2024-03-10 -
2024-06-08		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-02-19 -
2024-05-13		 3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2024-03-01 -
2024-12-31		 10 months crt.sh
*.intercom.com
Amazon RSA 2048 M03		 2024-01-15 -
2025-02-11		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-02 -
2024-12-02		 a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M02		 2023-12-01 -
2024-12-29		 a year crt.sh
cdn.amplitude.com
Amazon RSA 2048 M02		 2023-12-14 -
2025-01-12		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2023-11-13 -
2024-11-12		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-02-19 -
2024-05-13		 3 months crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA		 2024-01-31 -
2025-03-02		 a year crt.sh

This page contains 2 frames:

Primary Page: https://app.holded.com/
Frame ID: 9AF527EF199AD1506C279F261E3411EA
Requests: 51 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.e4dd7c2e.js
Frame ID: BC9ADE423083A90EC83F847158ABC3EE
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Anmeldung - HoldedBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. http://app.holded.com/ HTTP 301
    https://app.holded.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.amplitude\.com
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

57
Requests

100 %
HTTPS

57 %
IPv6

12
Domains

14
Subdomains

14
IPs

2
Countries

3939 kB
Transfer

13980 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.holded.com/ HTTP 301
    https://app.holded.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

57 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
app.holded.com/
Redirect Chain
  • http://app.holded.com/
  • https://app.holded.com/
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10766c908b45cffd397c8850e1de0803c67edc5fb94c8d882f16a62b93079f50
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-2fa752378e6e295002b91448baaa14b7' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
cf-apo-via
origin,host
cf-cache-status
DYNAMIC
cf-ray
8635e4011d5f35ee-FRA
content-encoding
gzip
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-2fa752378e6e295002b91448baaa14b7' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
content-type
text/html; charset=UTF-8
date
Tue, 12 Mar 2024 18:36:35 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
pragma
no-cache
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=31536000; preload; includeSubDomains
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

CF-RAY
8635e400cdcf4daf-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Tue, 12 Mar 2024 18:36:35 GMT
Expires
Tue, 12 Mar 2024 19:36:35 GMT
Location
https://app.holded.com/
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
auth-ofrbBHmm.js
app.holded.com/frontend-next-gen/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/auth-ofrbBHmm.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
477794f236a132ff1a9c44d928e66735cb6875f1bb2fb3db6073433101f9f810
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-7e4a1f015deac60526de32a8ed6cf218' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-7e4a1f015deac60526de32a8ed6cf218' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=1281
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:31:33 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401fea235ee-FRA
vendor-Pakyn_pj.js
app.holded.com/frontend-next-gen/ 		4 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/vendor-Pakyn_pj.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90f082417adc25abf75dbb3b4ba740e9e656b294a211d3953bfb5496b45a27c5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-ee8eec1168c53759f8646e7fae291ede' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-ee8eec1168c53759f8646e7fae291ede' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
age
6904
cf-polished
origSize=4103653
content-encoding
gzip
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 15:30:37 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401fea335ee-FRA
@fortawesome-SfuGdBbk.js
app.holded.com/frontend-next-gen/ 		188 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/@fortawesome-SfuGdBbk.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea092957a088ce5897d1540e131a0a47a3fcfd34053f9421fe41e42c6d6fd4e0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-777765f4b25b5195ad0cb56ac1594191' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-777765f4b25b5195ad0cb56ac1594191' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
age
6904
cf-polished
origSize=192398
content-encoding
gzip
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 15:30:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401fea635ee-FRA
@react-router-j96wj7eo.js
app.holded.com/frontend-next-gen/ 		57 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/@react-router-j96wj7eo.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4972342669b521b38efc819949c0c2100f622530a6011219c08d06965a82a7a4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-b17780ea05daea093f3b82a3ae2d8d92' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-b17780ea05daea093f3b82a3ae2d8d92' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=58771
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:30:58 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401fea935ee-FRA
index-X_2RS-W3.js
app.holded.com/frontend-next-gen/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/index-X_2RS-W3.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82492eb2c40df78f7d76178ea2966b15867afd4c958b1a92ea0e545be11e79de
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-602c93ffdf9672fda3cbb603b38c7ffb' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-602c93ffdf9672fda3cbb603b38c7ffb' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=9611
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:31:33 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401feab35ee-FRA
x-49fa_sho.js
app.holded.com/frontend-next-gen/@mui/ 		508 KB
153 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a16ff79e608092e8ed0f16cbd8b1ec0999e86b98b3cfc8aa7243ceb4ef902abc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-ca8a272d50d093b8fedcc7addb9fd6a7' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-ca8a272d50d093b8fedcc7addb9fd6a7' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
age
6905
cf-polished
origSize=520605
content-encoding
gzip
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 15:30:45 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401feac35ee-FRA
email-9RSnlyOm.js
app.holded.com/frontend-next-gen/ 		513 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/email-9RSnlyOm.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4be184c08616780ef96665bceda034d259052bd439e7c01837df8feff91b693c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-97d97ca864a75ade98162ed6e21910b0' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-97d97ca864a75ade98162ed6e21910b0' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=514
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:31:33 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401feb235ee-FRA
utils-mdYUX2F6.js
app.holded.com/frontend-next-gen/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/utils-mdYUX2F6.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d48d5d2c3d94a8a96ac8f0200e31db826208416f2859fe3a3d76b5dfc8cc5110
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-9fa59eb0764fbb47211370df57482da9' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-9fa59eb0764fbb47211370df57482da9' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=18296
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:31:56 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401feb735ee-FRA
account-Uh60UX5K.js
app.holded.com/frontend-next-gen/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/account-Uh60UX5K.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4b00c0b8654832c0eb0bff97b96100d4251cebb3392044db2b7c330687d8bba
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-115e0c3ce10c80baa22ca715a8f9c6c9' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-115e0c3ce10c80baa22ca715a8f9c6c9' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=2961
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:30:58 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401feb835ee-FRA
index-MkE5SMf3.js
app.holded.com/frontend-next-gen/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/index-MkE5SMf3.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a01dbd62837bb3f395c27726dfb66492e697d2917d554ba81d62b6ebb44268a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-2bdfec38787230c24a5cdfba075c157e' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-2bdfec38787230c24a5cdfba075c157e' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
age
6905
cf-polished
origSize=1985
content-encoding
gzip
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 15:30:42 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e401febc35ee-FRA
i18next.config-FUzxPqSm.js
app.holded.com/frontend-next-gen/ 		7 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/i18next.config-FUzxPqSm.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e33677c2fd687eab0c44c47d34b316298a5aac40e07d9740afeddab98e075654
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-be3dc410c43e8f2ba3c7b1672631723c' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-be3dc410c43e8f2ba3c7b1672631723c' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
age
6905
cf-polished
origSize=6911918
content-encoding
gzip
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 15:30:45 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4020ec035ee-FRA
@notistack-LfXIP84z.js
app.holded.com/frontend-next-gen/ 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/@notistack-LfXIP84z.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d870092ed28f82fe53660c49e9f541b0e25bda311420ae826ca5381d83ff1d4a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-c362d65b6a645d0b21defe4654a5296f' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-c362d65b6a645d0b21defe4654a5296f' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
age
6905
cf-polished
origSize=22921
content-encoding
gzip
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 15:30:47 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4020ec235ee-FRA
@sentry-vVkiL38g.js
app.holded.com/frontend-next-gen/ 		121 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e43143507cd19b3b4aed95571155ec08fe86e0ab5aa9d93c2c997c276450b62b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-2607b0acce46132c2888bdf7a5b4103b' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-2607b0acce46132c2888bdf7a5b4103b' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
age
6905
cf-polished
origSize=123784
content-encoding
gzip
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 15:30:42 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4020ec435ee-FRA
sentry-uW234HTO.js
app.holded.com/frontend-next-gen/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/sentry-uW234HTO.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5dd1f8372f4fef65ba81d4f4e61a71f4df13344a4248e9079872476ab329696
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-735ad16cfaf13b6e6f4848b7df670f35' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
https://app.holded.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-735ad16cfaf13b6e6f4848b7df670f35' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=1076
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:31:49 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4020ec635ee-FRA
css2
fonts.googleapis.com/ 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
af9e52b1788e243b0a07ba97a3de75df5845d00b896f1b83f38c42702a7ba690
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 12 Mar 2024 18:36:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 12 Mar 2024 16:53:20 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 12 Mar 2024 18:36:35 GMT
v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-encoding
gzip
last-modified
Tue, 10 Oct 2023 21:38:13 GMT
server
cloudflare
etag
W/"2023.10.0"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
8635e4023d8465da-FRA
gtm.js
www.googletagmanager.com/ 		412 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TVM4ZTD
Requested by
Host: app.holded.com
URL: https://app.holded.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c354e562d255f8369cd19f83be2bad62e892506a8ae50ddb97d8d6f8a96c03ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120156
x-xss-protection
0
last-modified
Tue, 12 Mar 2024 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 12 Mar 2024 18:36:35 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js?did=8ba51f48-43c3-4fad-b6ff-6b6e8d0fd749-test
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TVM4ZTD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d85e4dcb52ce714c7136eb95a32765325205a4aabdb51932bd9024c400be665d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
/RTAD1TAPuPWblD15GN1pg==
age
15420
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6842
x-ms-lease-status
unlocked
last-modified
Mon, 11 Mar 2024 03:48:46 GMT
server
cloudflare
etag
0x8DC417E27791B0E
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
3ef90e0b-a01e-0036-5fc1-73b4f3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8635e4041f1d2bcf-FRA
gwbpci68
widget.intercom.io/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/gwbpci68
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TVM4ZTD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-18.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a3ff489e261d587646568bd766f2e6777a6e3697735c667374fd4052986cb3ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id
bXLbf9siWMqgL0nTSyFMq4.8XxBvrilk
content-encoding
gzip
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
date
Tue, 12 Mar 2024 18:35:28 GMT
x-amz-cf-pop
FRA2-C1
age
68
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2705
last-modified
Tue, 12 Mar 2024 17:33:22 GMT
server
AmazonS3
etag
"039f6a0a68caabf7d59f5c4c75a70a34"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
-Zhr2PsUQq0bXECRQ1N2Q4xqA9cBkywifLU7JaMifv5le5sV4cs18w==
index.js
cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.7.1/dist/ 		24 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.7.1/dist/index.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TVM4ZTD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f635cc11075c6c748d78bf5ff56f84c94229a01a3224368a674a25ea0c98aa4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
9122991
x-jsd-version
3.7.1
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230090-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"6153-3ZIgkRGikngRf9tOJUsS9US5pnQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WY7Y1h16dduUca3HQON9v2nmctobowZmjJoQcKJCLhiS7%2FEycplx%2FHX9DRHDg4VntVIXe9dhPZa%2BX9%2F8CYSerXonhp2S5FdnpabZRT9FkSSS3jQ4vtkG5KcxseJofC%2BL8cGoBUj89dvB5RpiUi4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
8635e4044cf12c75-FRA
/
o448960.ingest.sentry.io/api/6142053/envelope/ 		2 B
324 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o448960.ingest.sentry.io/api/6142053/envelope/?sentry_key=c452418ab0764a6f97f6f0b27c67def5&sentry_version=7&sentry_client=sentry.javascript.react%2F7.105.0
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.holded.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
8ba51f48-43c3-4fad-b6ff-6b6e8d0fd749-test.json
cdn.cookielaw.org/consent/8ba51f48-43c3-4fad-b6ff-6b6e8d0fd749-test/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/8ba51f48-43c3-4fad-b6ff-6b6e8d0fd749-test/8ba51f48-43c3-4fad-b6ff-6b6e8d0fd749-test.json
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8c43aca3227ce17b7d75b3571692940da0eea70b861dc3562b9f51c8eeb2833
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-md5
8UP1ZTCSDmLN+g/ftxbY4w==
content-length
1656
x-ms-lease-status
unlocked
last-modified
Thu, 29 Feb 2024 11:17:31 GMT
server
cloudflare
etag
0x8DC391805D1674D
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
7eae7e9d-c01e-0052-4eac-74456b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
cf-ray
8635e4074dc09ba4-FRA
frame-modern.e4dd7c2e.js
js.intercomcdn.com/ Frame BC9A 		513 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.e4dd7c2e.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/gwbpci68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-55.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7cc24601bc05f466de4c869ea589cd4941ef2628fa3889be3a2b30d2c63bf990
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 17:33:27 GMT
content-encoding
gzip
via
1.1 08144b62d8ba59c510ae7682981f36c0.cloudfront.net (CloudFront)
x-amz-version-id
UmvLVs7cdbana6ywMLGkAMD4Q2QKZQjD
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
3790
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
144409
last-modified
Tue, 12 Mar 2024 17:30:15 GMT
server
AmazonS3
etag
"9c94f6481f74e5b96a7c56853bf785a2"
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
1iTslBiMU-KbMfF5rsBD3AZhXT8Fw-CMdRAqxCa045GWSnrPY3plpw==
vendor-modern.9921b73c.js
js.intercomcdn.com/ Frame BC9A 		483 KB
148 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.9921b73c.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/gwbpci68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-55.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cad3500791a788df6463f08be3d2cd07785f0f24b90d403fa17392a47469f0ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id
zet.u5RtupQ5aO17H6lOfp3_lQ45WHxw
content-encoding
gzip
via
1.1 08144b62d8ba59c510ae7682981f36c0.cloudfront.net (CloudFront)
date
Tue, 12 Mar 2024 17:59:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
2211
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
151135
last-modified
Mon, 11 Mar 2024 17:54:53 GMT
server
AmazonS3
etag
"ae95e8cfe55350008dcd098ebbe4cee3"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
JNz-qwpb3tdo_O1ktOiMZbF5X3XGPk_AVPO3hBoYOt0IVvA1ok6f9w==
Login-Ql-2XlrT.js
app.holded.com/frontend-next-gen/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/Login-Ql-2XlrT.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c50eeca1bf122a4d3f73367aca5c340ec238eac4ab0df82126157fbca27bbbc7
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-222d8a140c363608dc7c1a3c0e724047' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-222d8a140c363608dc7c1a3c0e724047' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=13602
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:32:03 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e1d35ee-FRA
AuthInput-hLpZbbwE.js
app.holded.com/frontend-next-gen/ 		522 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/AuthInput-hLpZbbwE.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ee9b7714f96320c932ec0c5fd94cd258a551846c5fb69803166735ae340804f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-07ece7018c911e42b6f1eec09c625377' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-07ece7018c911e42b6f1eec09c625377' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=523
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:32:03 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e1f35ee-FRA
AuthLayout-wu9OYEDo.js
app.holded.com/frontend-next-gen/ 		8 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/AuthLayout-wu9OYEDo.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f96b3e08f41d1c25d5a7c91d9d1fe9ee4e5a214f32b77fe5e62e2b5fab3c121e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-469ab8f768b324e82d374b20b2732e27' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-469ab8f768b324e82d374b20b2732e27' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=8619
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:32:03 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e2135ee-FRA
utils-9VIpkZjn.js
app.holded.com/frontend-next-gen/ 		630 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/utils-9VIpkZjn.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cef954ea66c15d4c4ed960683c670e1a898e450dd17f06b8126123098aa71f42
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-d31e338ae968a2159ae1cd7eae0c1ce4' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-d31e338ae968a2159ae1cd7eae0c1ce4' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=631
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:30:59 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e2335ee-FRA
useBoolean-Crfe96Jn.js
app.holded.com/frontend-next-gen/ 		592 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/useBoolean-Crfe96Jn.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ee4aca8aee593d217c82ef74453d0bdb8b0cc8e55132d04fd2eb213c578bbb8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-1d459165b45caca2ec0ed39cfd0b9593' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-1d459165b45caca2ec0ed39cfd0b9593' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
age
6906
cf-polished
origSize=593
content-encoding
gzip
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 15:30:48 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e2535ee-FRA
useBreakpoint-_K3zbDlt.js
app.holded.com/frontend-next-gen/ 		642 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/useBreakpoint-_K3zbDlt.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
240db23d7cf4c60a02c3732f91236c4716b522d7404eaa0cebeced748a3d410a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-0ba8b6c91aeef17dc388febae1311420' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-0ba8b6c91aeef17dc388febae1311420' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=643
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:31:19 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e2935ee-FRA
Separator-niV5EC2b.js
app.holded.com/frontend-next-gen/ 		743 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/Separator-niV5EC2b.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9ea443b4d142d3e33a2dcdda8b995ef1e596e50c87fbbc43cb9612e21451df5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-35b341f02716c70cc4cae64ba10962ca' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-35b341f02716c70cc4cae64ba10962ca' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=744
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:32:05 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e2a35ee-FRA
LoginSso-IWP53b5I.js
app.holded.com/frontend-next-gen/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/LoginSso-IWP53b5I.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9af4c31f9cd526458fbf8a0d93250f0d9538287c67ea666d47faf1b8fb1228a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-57239d3b9879412a82d2eccb97a227b7' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-57239d3b9879412a82d2eccb97a227b7' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=3422
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:32:03 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e2b35ee-FRA
PasswordField-toE2aM1m.js
app.holded.com/frontend-next-gen/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/PasswordField-toE2aM1m.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
012de86b05599fd221cc7fd622ab1c5d6e9a18a3bee4010bc2dcc3cb71422423
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-6469e050a66f0e2480aa0be8a070e70e' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-6469e050a66f0e2480aa0be8a070e70e' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=1167
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:32:03 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e2e35ee-FRA
signup-events-WBNmUy3F.js
app.holded.com/frontend-next-gen/ 		791 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/signup-events-WBNmUy3F.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53c5915f36ce1983ac74ff803bcafe8e696332c40691e04c1db73aca2d5612fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-b4ed083cf00f7533e5984e8752cc0ce9' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-b4ed083cf00f7533e5984e8752cc0ce9' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=792
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:32:03 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e2f35ee-FRA
useCountdown-LvzH0efm.js
app.holded.com/frontend-next-gen/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/useCountdown-LvzH0efm.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04ad9ae548075b2f2cd1c358e3acb0123a3e562e92e4da0a530f028f7f33e98d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-8b549ab2c4aea781a9af582ad5098e26' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-8b549ab2c4aea781a9af582ad5098e26' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=3013
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:32:04 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e3235ee-FRA
useDocMeta-olZ8GjC4.js
app.holded.com/frontend-next-gen/ 		879 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/useDocMeta-olZ8GjC4.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f38135b02c55664331c4da1790cce263e3f7c1ec9ef42fc49258c9eb76c4786c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-31f2dc2e6eb20d58aedb08d1b05a6e08' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-31f2dc2e6eb20d58aedb08d1b05a6e08' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=880
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:32:04 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e3335ee-FRA
useDocTitle-QnYHfKEe.js
app.holded.com/frontend-next-gen/ 		737 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/frontend-next-gen/useDocTitle-QnYHfKEe.js
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@mui/x-49fa_sho.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d46bae455c866d0f1882f49fa37e48f76f6430f07c2890aa4d7b17cd8eb67a50
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-7a3f66c8cd1dd5215ec556af14a69dbc' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
content-security-policy
default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-7a3f66c8cd1dd5215ec556af14a69dbc' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
via
1.1 google
strict-transport-security
max-age=31536000; preload; includeSubDomains
cf-cache-status
HIT
content-encoding
gzip
cf-polished
origSize=738
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 12 Mar 2024 17:30:57 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://app.holded.com
cache-control
max-age=14400
permissions-policy
accelerometer=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
cf-ray
8635e4072e3635ee-FRA
analytics-browser-gtm-2.3.2-min.js.gz
cdn.amplitude.com/libs/ 		63 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.amplitude.com/libs/analytics-browser-gtm-2.3.2-min.js.gz
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.7.1/dist/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.206.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-206-118.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
713f511fa78bacaf5b56ed62bd685d4da42bd60a5967089dd43b782e911936c7

Request headers

Referer
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 08:32:51 GMT
content-encoding
gzip
via
1.1 54fc556adf6e8c787574c6f132d70178.cloudfront.net (CloudFront)
x-amz-version-id
Ap9TxTr1jd.uBxfyAyxlFgHmKx7DI9a_
x-amz-cf-pop
FRA56-P3
age
4183426
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
17453
last-modified
Tue, 26 Sep 2023 21:10:41 GMT
server
AmazonS3
etag
"ec3bbf1e314398aa76e6ddc00b60ec6d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
qtXeFcUuAXsmZuTvAzF-kkd7oD684eF_SG0In9UCiiJRRsvvfIYMnA==
rum
app.holded.com/cdn-cgi/ 		0
181 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.holded.com/cdn-cgi/rum?
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4393 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.holded.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type
application/json

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://app.holded.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
8635e4075e7435ee-FRA
ping
api-iam.intercom.io/messenger/web/ Frame BC9A 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.e4dd7c2e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.236.234.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-234-143.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6a8f41c13947f99c0cb20faf222d28610f283dab5e13cf303dc63baa32f6349a
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 12 Mar 2024 18:36:37 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-04e75d817d474162f
status
200 OK
x-xss-protection
1; mode=block
x-request-id
000878qlb1u6jjf5sv8g
x-runtime
0.339270
server
nginx
etag
W/"6a8f41c13947f99c0cb20faf222d2861"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.holded.com
x-intercom-version
19a1290144c44a5b48f905961c03c36c419d103c
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		66 B
303 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 18:36:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8635e408192a9a12-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202402.1.0/ 		430 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js?did=8ba51f48-43c3-4fad-b6ff-6b6e8d0fd749-test
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e789e43937c7abc5959eba06825459f4e08e050ff9ea43ab8ec5a041a3e7558
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5m3SVn9yaQSlRqLvlzjrBg==
age
73760
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
106956
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 07:33:33 GMT
server
cloudflare
etag
0x8DC3C1D6598CBF8
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
c5464b4d-e01e-0037-5c1c-6eeb2f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8635e4085d612bcf-FRA
en.json
cdn.cookielaw.org/consent/8ba51f48-43c3-4fad-b6ff-6b6e8d0fd749-test/018de9a6-b8ab-777a-95c4-aa250f8ae1d6/ 		62 KB
16 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/8ba51f48-43c3-4fad-b6ff-6b6e8d0fd749-test/018de9a6-b8ab-777a-95c4-aa250f8ae1d6/en.json
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
283e21bf9ad0104316284f52b675743906ac4940c77a58b37bff0e04c456f7d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-md5
DyoWdNeCI3UAgQuldRfDKw==
content-length
16156
x-ms-lease-status
unlocked
last-modified
Thu, 29 Feb 2024 11:17:37 GMT
server
cloudflare
etag
0x8DC391808F9D1B2
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
2846d43e-901e-004f-51ac-7448d7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
cf-ray
8635e40918e89ba4-FRA
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 		9 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otCenterRounded.json
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
863PykfmcLWIwYm2BjNQSA==
age
41049
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2626
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 07:33:26 GMT
server
cloudflare
etag
0x8DC3C1D61A62D25
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
a7d538ac-d01e-0071-7e20-6edfa8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8635e409fa469ba4-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/v2/ 		62 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/v2/otPcCenter.json
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f40f57620246d052ea666f8f9d25dc6fcd93a7bbd6314077a2eb7213e98a4b5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
01SMtGeyB0SRvW+F1DYVMg==
age
41049
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12808
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 07:33:28 GMT
server
cloudflare
etag
0x8DC3C1D628E9642
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
09d62e05-e01e-008e-2120-6eef35000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8635e409fa489ba4-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otCommonStyles.css
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
c7xAZ9MSGAobGaTYg/Qtag==
age
41049
x-ms-lease-status
unlocked
last-modified
Mon, 04 Mar 2024 07:33:37 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
d1796bee-901e-0012-7320-6e4253000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8635e409fa4c9ba4-FRA
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 04:10:19 GMT
x-content-type-options
nosniff
age
51977
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Mar 2025 04:10:19 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.holded.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 01:17:56 GMT
x-content-type-options
nosniff
age
62320
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Mar 2025 01:17:56 GMT
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
489 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
41049
x-ms-lease-status
unlocked
last-modified
Mon, 11 Mar 2024 03:48:47 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
0d9fb407-101e-000c-2195-73ae8b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8635e40a4ad89ba4-FRA
Holded_H_Logo_R@2x.png
cdn.cookielaw.org/logos/80df487c-62ab-4978-b310-891309e09de5/3e805fe4-279a-49aa-8606-c7cb584bbc20/1dc5897a-ad1b-4ae5-88b5-c1a3c756b50b/ 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/80df487c-62ab-4978-b310-891309e09de5/3e805fe4-279a-49aa-8606-c7cb584bbc20/1dc5897a-ad1b-4ae5-88b5-c1a3c756b50b/Holded_H_Logo_R@2x.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8aeeee3bbad742a03e52727b9c91ec94c21cfd76a1454c34b409877df2163984
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
U/WPMS62JtDpGIN2XUo6tQ==
age
37412
content-length
33957
x-ms-lease-status
unlocked
last-modified
Fri, 21 Apr 2023 10:14:19 GMT
server
cloudflare
etag
0x8DB42512BE15E91
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
e71cf9b2-501e-007f-2270-24f618000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8635e40a581a2bcf-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Mar 2024 18:36:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
58356
x-ms-lease-status
unlocked
last-modified
Mon, 11 Mar 2024 03:48:48 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
75689a2e-901e-0002-0668-73873b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8635e40a581c2bcf-FRA
vendors~locale-es-json-modern.ba06d84f.js
js.intercomcdn.com/ Frame BC9A 		32 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendors~locale-es-json-modern.ba06d84f.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.e4dd7c2e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-55.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
625e1240f3a3cc77e4cdaa84978451207032630bfc4da5eb321879738f9518f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id
BClmlgCFQCg3rNFvwQVKL9vQmWtvVpQb
content-encoding
gzip
via
1.1 08144b62d8ba59c510ae7682981f36c0.cloudfront.net (CloudFront)
date
Tue, 12 Mar 2024 18:00:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
2198
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
9096
last-modified
Mon, 11 Mar 2024 17:54:54 GMT
server
AmazonS3
etag
"dfe6977e4e1adbaf043a00757188bc01"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
naVumLJgHBmpU0z-emOOpwk1AG4-6nWGKMIQP2LAZ3YJNvQT3UncRw==
ping
api-iam.intercom.io/messenger/web/ Frame BC9A 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.e4dd7c2e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.236.234.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-234-143.compute-1.amazonaws.com
Software
nginx /
Resource Hash
df0e1e518452a6b83d89ceaec7e3d1647781fa67393978687ee26c232f1f5fbd
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 12 Mar 2024 18:36:37 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-04e75d817d474162f
status
200 OK
x-xss-protection
1; mode=block
x-request-id
00093klbqub2m8j9ka60
x-runtime
0.262192
server
nginx
etag
W/"df0e1e518452a6b83d89ceaec7e3d164"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.holded.com
x-intercom-version
19a1290144c44a5b48f905961c03c36c419d103c
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
httpapi
api2.amplitude.com/2/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.248.61 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-248-61.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.holded.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
*
access-control-max-age
86400
content-length
0
date
Tue, 12 Mar 2024 18:36:37 GMT
strict-transport-security
max-age=15768000
httpapi
api2.amplitude.com/2/ 		94 B
309 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.248.61 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-248-61.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
d15fee6e3ba7de19c88f144b259379a69f16da99277e0c3db4f3251ef04670bd
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 12 Mar 2024 18:36:38 GMT
strict-transport-security
max-age=15768000
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
trace-id
Root=1-65f0a0b5-5ead9be96b18293520afa9f9
content-length
94
/
o448960.ingest.sentry.io/api/6142053/envelope/ 		198 B
247 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o448960.ingest.sentry.io/api/6142053/envelope/?sentry_key=c452418ab0764a6f97f6f0b27c67def5&sentry_version=7&sentry_client=sentry.javascript.react%2F7.105.0
Requested by
Host: app.holded.com
URL: https://app.holded.com/frontend-next-gen/@sentry-vVkiL38g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.holded.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 12 Mar 2024 18:36:39 GMT
content-encoding
br
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
3
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-sentry-rate-limits
60:transaction;profile:organization:transaction_usage_exceeded
retry-after
60

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| dataLayer object| google_tag_manager object| google_tag_data object| otEventListeners object| intercomSettings function| Intercom boolean| gtm_loaded object| _sentryDebugIds string| _sentryDebugIdIdentifier object| SENTRY_RELEASE string| __reactRouterVersion object| __MUI_LICENSE_INFO__ object| __SENTRY__ object| __cfBeacon object| OneTrustStub function| __intercomAssignLocation function| __intercomReloadLocation object| amplitudeGTM object| amplitude function| _amplitude object| analyticsConnectorInstances object| otStubData object| Optanon object| OneTrust function| gtag string| OnetrustActiveGroups string| OptanonActiveGroups

11 Cookies

Domain/Path Name / Value
.holded.com/ Name: lang
Value: de
.holded.com/ Name: PHPSESSID
Value: c0d365300086c7345fe8bfc80e672152
.holded.com/ Name: __gtm_user_mrr
Value: undefined
.holded.com/ Name: __gtm_first_int
Value: {"landing_page_cleaned":"https://app.holded.com/","landing_date":1710268595853,"utm_medium":"(none)","utm_source":"direct"}
.holded.com/ Name: __gtm_user_name
Value: undefined
.holded.com/ Name: AMP_MKTG_faba0f14b9
Value: JTdCJTdE
.holded.com/ Name: AMP_faba0f14b9
Value: JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIzZmFhMTZlNy00MmFkLTQ1MjAtOTc2Ny1hMGM5MjI0MzZlMzMlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEwMjY4NTk2MzY4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMDI2ODU5NjM3MSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMSU3RA==
app.holded.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Tue+Mar+12+2024+19%3A36%3A36+GMT%2B0100+(Central+European+Standard+Time)&version=202402.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=dc1a2ab3-58a1-4c4c-a97f-0910cec51340&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fapp.holded.com%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.holded.com/ Name: intercom-id-gwbpci68
Value: 9948d1da-553d-42b3-a37a-8b51c9a70785
.holded.com/ Name: intercom-session-gwbpci68
Value:
.holded.com/ Name: intercom-device-id-gwbpci68
Value: fd7ab212-13a7-4560-a1e0-2c0d821df3b9

1 Console Messages

Source Level URL
Text
network error URL: https://o448960.ingest.sentry.io/api/6142053/envelope/?sentry_key=c452418ab0764a6f97f6f0b27c67def5&sentry_version=7&sentry_client=sentry.javascript.react%2F7.105.0
Message:
Failed to load resource: the server responded with a status of 429 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https:;frame-ancestors 'self' https:;connect-src * https:;frame-src * https: blob: data:;style-src * 'unsafe-inline' https:;script-src 'self' https://*.wistia.com https://*.wistia.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercom.io https://*.amplitude.com https://*.sentry-cdn.com https://*.hotjar.com https://*.cookielaw.org https://*.facebook.net https://*.licdn.com https://*.canny.io https://*.bing.com https://*.tiktok.com https://*.clarity.ms https://*.doubleclick.net https://*.jsdelivr.net https://*.stripe.com https://*.squarecdn.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-analytics.net 'nonce-2fa752378e6e295002b91448baaa14b7' https:;img-src * data: https: blob:;worker-src * data: https: blob:;media-src * data: https: blob:;font-src * data: https:;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
api2.amplitude.com
app.holded.com
cdn.amplitude.com
cdn.cookielaw.org
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
js.intercomcdn.com
o448960.ingest.sentry.io
static.cloudflareinsights.com
widget.intercom.io
www.googletagmanager.com
13.224.189.18
18.245.46.55
2606:4700:10::6816:4393
2606:4700:4400::6812:2089
2606:4700::6810:5049
2606:4700::6810:5914
2606:4700::6813:b134
2a00:1450:4001:803::200a
2a00:1450:4001:80e::2008
2a00:1450:4001:828::2003
34.120.195.249
44.237.248.61
52.222.206.118
54.236.234.143
012de86b05599fd221cc7fd622ab1c5d6e9a18a3bee4010bc2dcc3cb71422423
04ad9ae548075b2f2cd1c358e3acb0123a3e562e92e4da0a530f028f7f33e98d
09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b
10766c908b45cffd397c8850e1de0803c67edc5fb94c8d882f16a62b93079f50
240db23d7cf4c60a02c3732f91236c4716b522d7404eaa0cebeced748a3d410a
283e21bf9ad0104316284f52b675743906ac4940c77a58b37bff0e04c456f7d2
2e789e43937c7abc5959eba06825459f4e08e050ff9ea43ab8ec5a041a3e7558
3a01dbd62837bb3f395c27726dfb66492e697d2917d554ba81d62b6ebb44268a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
477794f236a132ff1a9c44d928e66735cb6875f1bb2fb3db6073433101f9f810
4972342669b521b38efc819949c0c2100f622530a6011219c08d06965a82a7a4
4be184c08616780ef96665bceda034d259052bd439e7c01837df8feff91b693c
53c5915f36ce1983ac74ff803bcafe8e696332c40691e04c1db73aca2d5612fd
5ee9b7714f96320c932ec0c5fd94cd258a551846c5fb69803166735ae340804f
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
625e1240f3a3cc77e4cdaa84978451207032630bfc4da5eb321879738f9518f4
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a8f41c13947f99c0cb20faf222d28610f283dab5e13cf303dc63baa32f6349a
713f511fa78bacaf5b56ed62bd685d4da42bd60a5967089dd43b782e911936c7
7cc24601bc05f466de4c869ea589cd4941ef2628fa3889be3a2b30d2c63bf990
82492eb2c40df78f7d76178ea2966b15867afd4c958b1a92ea0e545be11e79de
8aeeee3bbad742a03e52727b9c91ec94c21cfd76a1454c34b409877df2163984
8ee4aca8aee593d217c82ef74453d0bdb8b0cc8e55132d04fd2eb213c578bbb8
90f082417adc25abf75dbb3b4ba740e9e656b294a211d3953bfb5496b45a27c5
a16ff79e608092e8ed0f16cbd8b1ec0999e86b98b3cfc8aa7243ceb4ef902abc
a3ff489e261d587646568bd766f2e6777a6e3697735c667374fd4052986cb3ee
a4b00c0b8654832c0eb0bff97b96100d4251cebb3392044db2b7c330687d8bba
a9af4c31f9cd526458fbf8a0d93250f0d9538287c67ea666d47faf1b8fb1228a
af9e52b1788e243b0a07ba97a3de75df5845d00b896f1b83f38c42702a7ba690
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
c354e562d255f8369cd19f83be2bad62e892506a8ae50ddb97d8d6f8a96c03ca
c50eeca1bf122a4d3f73367aca5c340ec238eac4ab0df82126157fbca27bbbc7
cad3500791a788df6463f08be3d2cd07785f0f24b90d403fa17392a47469f0ed
cef954ea66c15d4c4ed960683c670e1a898e450dd17f06b8126123098aa71f42
d15fee6e3ba7de19c88f144b259379a69f16da99277e0c3db4f3251ef04670bd
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d46bae455c866d0f1882f49fa37e48f76f6430f07c2890aa4d7b17cd8eb67a50
d48d5d2c3d94a8a96ac8f0200e31db826208416f2859fe3a3d76b5dfc8cc5110
d85e4dcb52ce714c7136eb95a32765325205a4aabdb51932bd9024c400be665d
d870092ed28f82fe53660c49e9f541b0e25bda311420ae826ca5381d83ff1d4a
df0e1e518452a6b83d89ceaec7e3d1647781fa67393978687ee26c232f1f5fbd
e33677c2fd687eab0c44c47d34b316298a5aac40e07d9740afeddab98e075654
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43143507cd19b3b4aed95571155ec08fe86e0ab5aa9d93c2c997c276450b62b
e8c43aca3227ce17b7d75b3571692940da0eea70b861dc3562b9f51c8eeb2833
e9ea443b4d142d3e33a2dcdda8b995ef1e596e50c87fbbc43cb9612e21451df5
ea092957a088ce5897d1540e131a0a47a3fcfd34053f9421fe41e42c6d6fd4e0
f38135b02c55664331c4da1790cce263e3f7c1ec9ef42fc49258c9eb76c4786c
f40f57620246d052ea666f8f9d25dc6fcd93a7bbd6314077a2eb7213e98a4b5a
f5dd1f8372f4fef65ba81d4f4e61a71f4df13344a4248e9079872476ab329696
f635cc11075c6c748d78bf5ff56f84c94229a01a3224368a674a25ea0c98aa4f
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
f96b3e08f41d1c25d5a7c91d9d1fe9ee4e5a214f32b77fe5e62e2b5fab3c121e