securityscorecard.com Open in urlscan Pro
2606:4700::6810:e350 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.merccap.com/
Effective URL:
https://securityscorecard.com/security-rating/merccap.com
Submission: On November 10 via api (November 10th 2024, 12:19:34 pm UTC) from US — Scanned from DE

Summary HTTP 64 Redirects Links 38 Behaviour Indicators

Summary

This website contacted 21 IPs in 4 countries across 15 domains to perform 64 HTTP transactions. The main IP is 2606:4700::6810:e350, located in United States and belongs to CLOUDFLARENET, US. The main domain is securityscorecard.com. The Cisco Umbrella rank of the primary domain is 214643.
TLS certificate: Issued by WE1 on September 28th 2024. Valid for: 3 months.

This is the only time securityscorecard.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	15.197.225.128 15.197.225.128	16509 (AMAZON-02) (AMAZON-02)
38	2606:4700::68... 2606:4700::6810:e350	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.129.91 151.101.129.91	54113 (FASTLY) (FASTLY)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7edb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	35.201.112.186 35.201.112.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.36.213.229 34.36.213.229	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	13.32.27.116 13.32.27.116	16509 (AMAZON-02) (AMAZON-02)
1	34.192.1.90 34.192.1.90	14618 (AMAZON-AES) (AMAZON-AES)
2	2a02:26f0:350... 2a02:26f0:3500:18::1724:a29d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.33.219.205 13.33.219.205	16509 (AMAZON-02) (AMAZON-02)
1	104.18.16.5 104.18.16.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1	142.250.184.227 142.250.184.227	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:887::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2600:1f18:24e... 2600:1f18:24e6:b900:1b27:42c5:4fd7:dc46	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:350... 2a02:26f0:3500:886::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	34.107.204.85 34.107.204.85	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.18.17.5 104.18.17.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
64	21

1 15.197.225.128 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: aec037177372cc6cd.awsglobalaccelerator.com

www.merccap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2606:4700::6810:e350 (United States)

ASN13335 (CLOUDFLARENET, US)

securityscorecard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.91 (San Francisco, United States)

ASN54113 (FASTLY, US)

client-registry.mutinycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7edb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com

edge.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.36.213.229 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 229.213.36.34.bc.googleusercontent.com

cdn.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-116.fra56.r.cloudfront.net

cdn.heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.192.1.90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-192-1-90.compute-1.amazonaws.com

heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:18::1724:a29d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.219.205 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-219-205.fra60.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.16.5 (None, )

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:887::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:24e6:b900:1b27:42c5:4fd7:dc46 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rum.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:886::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

imgsct.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.204.85 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 85.204.107.34.bc.googleusercontent.com

app.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.17.5 (None, )

ASN13335 (CLOUDFLARENET, US)

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	securityscorecard.com securityscorecard.com — Cisco Umbrella Rank: 214643	1 MB
4	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4618 consentcdn.cookiebot.com — Cisco Umbrella Rank: 5320 imgsct.cookiebot.com — Cisco Umbrella Rank: 5372	126 KB
3	browser-intake-datadoghq.com rum.browser-intake-datadoghq.com — Cisco Umbrella Rank: 2676	822 B
3	pendo.io cdn.pendo.io — Cisco Umbrella Rank: 626 app.pendo.io — Cisco Umbrella Rank: 1958 Failed	137 KB
3	fullstory.com edge.fullstory.com — Cisco Umbrella Rank: 1985 rs.fullstory.com — Cisco Umbrella Rank: 2089	80 KB
2	qualified.com js.qualified.com — Cisco Umbrella Rank: 16970 app.qualified.com — Cisco Umbrella Rank: 16988	245 KB
2	heapanalytics.com cdn.heapanalytics.com — Cisco Umbrella Rank: 852 heapanalytics.com — Cisco Umbrella Rank: 666	38 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	244 KB
1	google.de www.google.de — Cisco Umbrella Rank: 11271	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136	548 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4401
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1208	50 KB
1	typekit.net p.typekit.net — Cisco Umbrella Rank: 561	172 B
1	mutinycdn.com client-registry.mutinycdn.com — Cisco Umbrella Rank: 18603	20 KB
1	merccap.com 1 redirects www.merccap.com	345 B
64	15

	Domain	Requested by
38	securityscorecard.com	securityscorecard.com
3	rum.browser-intake-datadoghq.com	securityscorecard.com
2	app.pendo.io	www.datadoghq-browser-agent.com
2	consent.cookiebot.com	securityscorecard.com consent.cookiebot.com
2	edge.fullstory.com	securityscorecard.com edge.fullstory.com
2	www.googletagmanager.com	securityscorecard.com www.googletagmanager.com
1	app.qualified.com	js.qualified.com
1	imgsct.cookiebot.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	www.google.de	securityscorecard.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	securityscorecard.com
1	rs.fullstory.com	edge.fullstory.com
1	js.qualified.com	www.googletagmanager.com
1	www.datadoghq-browser-agent.com	securityscorecard.com
1	heapanalytics.com	securityscorecard.com
1	cdn.heapanalytics.com	securityscorecard.com
1	cdn.pendo.io	securityscorecard.com
1	p.typekit.net	securityscorecard.com
1	client-registry.mutinycdn.com	securityscorecard.com
1	www.merccap.com	1 redirects
64	21

This site contains links to these domains. Also see Links.

Domain
legal.marketo.com
twitter.com
www.techtarget.com
business.safety.google
www.cookiebot.com
www.crazyegg.com
www.linkedin.com
www.bizible.com
www.adobe.com
www.pendo.io
www.quantcast.com
newrelic.com
issuu.com
heap.io
privacy.microsoft.com
documents.marketo.com
www.atlassian.com
business.brighttalk.com
info.impartner.com
platform.securityscorecard.io
merccap.com
trust.securityscorecard.com
support.securityscorecard.com
www.cybersecurity-insiders.com
www.helpnetsecurity.com
techcrunch.com
www.facebook.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
securityscorecard.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh
client-registry.mutinycdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-06` - `2025-04-07`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-27` - `2025-09-27`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
edge.fullstory.com WR3	`2024-10-20` - `2025-01-18`	3 months	crt.sh
cdn.pendo.io WR3	`2024-09-19` - `2024-12-18`	3 months	crt.sh
cdn.heapanalytics.com Amazon RSA 2048 M02	`2024-05-29` - `2025-06-26`	a year	crt.sh
heapanalytics.com Amazon RSA 2048 M03	`2024-10-10` - `2025-11-08`	a year	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-28` - `2025-02-27`	a year	crt.sh
*.datadoghq-browser-agent.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-08-03`	a year	crt.sh
qualified.com WE1	`2024-11-02` - `2025-01-31`	3 months	crt.sh
rs.fullstory.com WR3	`2024-10-22` - `2025-01-20`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.de WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-02-26`	a year	crt.sh
*.browser-intake-datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-14` - `2025-05-17`	a year	crt.sh
pendo.io WR3	`2024-09-14` - `2024-12-13`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://securityscorecard.com/security-rating/merccap.com
Frame ID: C8B7AAADADE7A02DAD2B3022D0937953
Requests: 66 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: D41953716E152C0D2409795431228C9E
Requests: 1 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/596DnzD85Gz1Abe4/messenger?uuid=e355dcba-54d9-45ac-b4a7-9a3101c5a007
Frame ID: 1ABA72174317FAC118C378CBA3F3C27B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Merccap Cyber Security Rating & Vendor Risk Report | SecurityScorecard

Page URL History Show full URLs

https://www.merccap.com/ HTTP 301
https://securityscorecard.com/security-rating/merccap.com Page URL

Detected technologies

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Heap (Analytics) Expand

Overall confidence: 100%
Detected patterns

heap-\d+\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

64
Requests

98 %
HTTPS

43 %
IPv6

15
Domains

21
Subdomains

21
IPs

4
Countries

2011 kB
Transfer

6004 kB
Size

6
Cookies

38 Outgoing links

These are links going to different origins than the main page.

URL: https://legal.marketo.com/privacy/
Title: Marketo

Search URL Search Domain Scan URL

URL: https://twitter.com/en/privacy
Title: Twitter Inc.

Search URL Search Domain Scan URL

URL: https://www.techtarget.com/privacy-policy-may25/?utm_source=cmp&utm_medium=banner&utm_campaign=consent&utm_term=privacy
Title: TechTarget

Search URL Search Domain Scan URL

URL: https://business.safety.google/privacy/
Title: Google

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/goto/privacy-policy/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://www.crazyegg.com/privacy
Title: CrazyEgg

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/privacy-policy
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.bizible.com/privacy-policy
Title: Bizible

Search URL Search Domain Scan URL

URL: https://www.adobe.com/privacy.html
Title: Adobe

Search URL Search Domain Scan URL

URL: https://www.pendo.io/pendo-blog/meet-pendos-first-data-protection-officer/
Title: Pendo

Search URL Search Domain Scan URL

URL: https://www.quantcast.com/privacy/
Title: Quantcast

Search URL Search Domain Scan URL

URL: https://newrelic.com/termsandconditions/privacy
Title: New Relic

Search URL Search Domain Scan URL

URL: https://issuu.com/legal/privacy
Title: Issuu

Search URL Search Domain Scan URL

URL: https://heap.io/privacy
Title: Heap Analytics

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Microsoft

Search URL Search Domain Scan URL

URL: https://documents.marketo.com/legal/privacy/
Title: Bizible

Search URL Search Domain Scan URL

URL: https://www.atlassian.com/legal/privacy-policy
Title: Atlassian

Search URL Search Domain Scan URL

URL: https://documents.marketo.com/legal/cookies/
Title: Marketo

Search URL Search Domain Scan URL

URL: https://business.brighttalk.com/company/privacy-policy/
Title: BrightTalk

Search URL Search Domain Scan URL

URL: https://info.impartner.com/privacy-policy.aspx
Title: Impartner

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://platform.securityscorecard.io/#/
Title: Sign In

Search URL Search Domain Scan URL

URL: http://merccap.com/
Title: merccap.com

Search URL Search Domain Scan URL

URL: https://trust.securityscorecard.com/
Title: Learn more about our scoring methodology

Search URL Search Domain Scan URL

URL: https://platform.securityscorecard.io/#/home/?request-evidence=merccap.com
Title: Request Documentation

Search URL Search Domain Scan URL

URL: https://support.securityscorecard.com/hc/en-us/articles/4414858473371-Showcase-your-cyber-diligence-on-your-website-with-badges
Title: How to Use Badges

Search URL Search Domain Scan URL

URL: https://www.cybersecurity-insiders.com/cfpb-rule-changes-presents-new-open-banking-challenge-ensuring-compliance-with-api-standards/?utm_source=rss&utm_medium=rss&utm_campaign=cfpb-rule-changes-presents-new-open-banking-challenge-ensuring-compliance-with-api-standards
Title: CFPB Rule Changes Presents New Open Banking Challenge – Ensuring Compliance with API Standardscybersecurity-insiders.com

Search URL Search Domain Scan URL

URL: https://www.cybersecurity-insiders.com/unleashing-the-power-of-purple-teaming-a-collaborative-approach-to-cybersecurity/?utm_source=rss&utm_medium=rss&utm_campaign=unleashing-the-power-of-purple-teaming-a-collaborative-approach-to-cybersecurity
Title: Unleashing the Power of Purple Teaming: A Collaborative Approach to Cybersecuritycybersecurity-insiders.com

Search URL Search Domain Scan URL

URL: https://www.cybersecurity-insiders.com/fortinet-expands-generative-ai-integration-across-cybersecurity-portfolio-to-enhance-security-operations/?utm_source=rss&utm_medium=rss&utm_campaign=fortinet-expands-generative-ai-integration-across-cybersecurity-portfolio-to-enhance-security-operations
Title: Fortinet Expands Generative AI Integration Across Cybersecurity Portfolio to Enhance Security Operationscybersecurity-insiders.com

Search URL Search Domain Scan URL

URL: https://www.helpnetsecurity.com/2024/11/10/week-in-review-zero-click-flaw-in-synology-nas-devices-google-fixes-exploited-android-vulnerability/
Title: Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerabilityhelpnetsecurity.com

Search URL Search Domain Scan URL

URL: https://www.cybersecurity-insiders.com/asyncrats-infection-tactics-via-open-directories-technical-analysis/?utm_source=rss&utm_medium=rss&utm_campaign=asyncrats-infection-tactics-via-open-directories-technical-analysis
Title: AsyncRAT’s Infection Tactics via Open Directories: Technical Analysiscybersecurity-insiders.com

Search URL Search Domain Scan URL

URL: https://techcrunch.com/2024/11/09/ftx-bankruptcy-estate-sues-anthony-scaramucci-fwd-us-others/
Title: FTX bankruptcy estate sues Anthony Scaramucci, FWD.us, otherstechcrunch.com

Search URL Search Domain Scan URL

URL: https://platform.securityscorecard.io/
Title: Login

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/security-scorecard/
Title: Visit our Linkedin page

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SecScorecard/
Title: Visit our Facebook page

Search URL Search Domain Scan URL

URL: https://twitter.com/security_score
Title: Visit our Twitter page

Search URL Search Domain Scan URL

URL: https://www.instagram.com/securityscorecard/
Title: Visit our Instagram page

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCbTCXVt5mJTV3eI5_m2chZQ
Title: Visit our Youtube page

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.merccap.com/ HTTP 301
https://securityscorecard.com/security-rating/merccap.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

64 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request merccap.com Show response
securityscorecard.com/security-rating/
Redirect Chain

https://www.merccap.com/
https://securityscorecard.com/security-rating/merccap.com

152 KB
38 KB

1431ms
987ms

Document
text/html

2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

40bb920d45b62bef7b5f41862dac72d63df583e2a60b56f665e4116940cdb881

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=2592000, stale-if-error=86400
cf-apo-via: origin,page-rules
cf-cache-status: BYPASS
cf-ray: 8e05fd95aabc9b45-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
content-type: text/html; charset=utf-8
date: Sun, 10 Nov 2024 12:19:24 GMT
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: Next.js
x-xss-protection: 0

Redirect headers

Connection: close
Content-Length: 92
Content-Type: text/html; charset=utf-8
Date: Sun, 10 Nov 2024 12:19:22 GMT
Location: https://securityscorecard.com/security-rating/merccap.com
Server: ip-100-74-5-90.eu-west-2.compute.internal
Vary: Accept-Encoding
X-Request-Id: fa87afe7-25f7-46ac-b048-f28e4ab0a741

GET
H2 200 4f6ca7fced130fc0.js Show response
client-registry.mutinycdn.com/personalize/client/ 66 KB
20 KB 425ms
50ms Script
application/javascript 151.101.129.91
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://client-registry.mutinycdn.com/personalize/client/4f6ca7fced130fc0.js
Requested by: Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.91 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1fafa19b262056af7249123215f0168c5f78ce5cf74be5170169cd65716934a4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "a7ccb5973354e0508e7236c1f0d761ca"
x-amz-version-id: oAUT8lB5grvB3.NmQL19TrtoVLIljtpR
age: 741
access-control-allow-methods: GET, HEAD
x-cache: HIT
x-country-code: DE
date: Sun, 10 Nov 2024 12:19:25 GMT
last-modified: Tue, 05 Nov 2024 19:30:44 GMT
content-type: application/javascript
x-served-by: cache-fra-etou8220116-FRA
x-cache-hits: 0
x-amz-id-2: jR/gwDKvGWvlOUaDQsJRk123rHDF3DjYXNEw+HFYdyuLaVCho6MCgRkHKQAaKJUh8a1plY5qmAI=
x-edge-datacenter: FRA
vary: X-Continent-Code, Accept-Encoding
cache-control: s-maxage=3600, max-age=0
x-continent-code: EU
x-connection-speed: broadband
via: 1.1 varnish
x-amz-request-id: 2BPDGR7ZWN2S28PW
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20355
x-edge-region: EU-East
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 12eca9a40955af22.css
securityscorecard.com/security-rating/_next/static/css/ 10 KB
2 KB 582ms
488ms Stylesheet
text/css 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/css/12eca9a40955af22.css

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e073b2c57b4ca384b1632f85aa2377f4a56f9f401144661a9a3fcdfa0eda7d8

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"2848-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fa93f9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 webpack-5edf9bf40cbf2628.js Show response
securityscorecard.com/security-rating/_next/static/chunks/ 4 KB
2 KB 580ms
488ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/webpack-5edf9bf40cbf2628.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0da5049082833ca908a101ec696716d9feba5aa6a3fd5ebaaf773abb8d4eb10

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"f51-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fa9439b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 framework-2c16ac744b6cdea6.js Show response
securityscorecard.com/security-rating/_next/static/chunks/ 138 KB
44 KB 729ms
637ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/framework-2c16ac744b6cdea6.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad5dcc4e01dab6422e6e5c6b3e67267079b6a145fe17981fe1e21688cc118eb4

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"226b5-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fa9449b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 main-12d16fde52b687be.js Show response
securityscorecard.com/security-rating/_next/static/chunks/ 139 KB
40 KB 763ms
671ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/main-12d16fde52b687be.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41c52dce132868a64a151479c471b8b5671cc4096988368941c9f5e1f037a492

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"22d8c-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fa9459b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 _app-ca84d45f64cc156e.js Show response
securityscorecard.com/security-rating/_next/static/chunks/pages/ 2 MB
555 KB 762ms
671ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/pages/_app-ca84d45f64cc156e.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e4474a3f93ab13af0f1e9faa23e17fd1713a949f86a6933a594d44a8b847555

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"1b5787-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fa9469b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 544-c6a62dbdcbb27001.js Show response
securityscorecard.com/security-rating/_next/static/chunks/ 28 KB
10 KB 584ms
492ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/544-c6a62dbdcbb27001.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0cf8e8868ecbeca608cb044fb2aa94e249c109189166642f79e23a2fa919c74

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"700f-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fa9479b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 679-28fec0c2b6fea3ef.js Show response
securityscorecard.com/security-rating/_next/static/chunks/ 9 KB
3 KB 580ms
489ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/679-28fec0c2b6fea3ef.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ea4741c2bc3e9dd1b95e2054b78192e90afea9743554241161ba05b78722493

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"2518-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fa9489b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 192-a6a52002fb0635ea.js Show response
securityscorecard.com/security-rating/_next/static/chunks/ 7 KB
3 KB 729ms
638ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/192-a6a52002fb0635ea.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

014f7d221ab65baa1bad266369da6e27a9feb0998e721f57d57da3ddb1a1cd41

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"1c38-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fe9679b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 228-20fcdd41567de799.js Show response
securityscorecard.com/security-rating/_next/static/chunks/ 15 KB
5 KB 729ms
638ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/228-20fcdd41567de799.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bbeffbece52558173b666e557f91a147b39d2c7ed5aeff57653d25e8f555fbc

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"3ce8-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fe9689b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 %5Bdomain%5D-39ec9289b1e3f142.js Show response
securityscorecard.com/security-rating/_next/static/chunks/pages/ 75 KB
22 KB 762ms
671ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/pages/%5Bdomain%5D-39ec9289b1e3f142.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7eb0e897d90cafb487c4a16797f27ef95f8f7a308906ed4d7bbad87bd0844cd0

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"12cf1-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fe9699b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 _buildManifest.js Show response
securityscorecard.com/security-rating/_next/static/EePSSBOYTTUtR-lnZkson/ 1 KB
562 B 676ms
585ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/EePSSBOYTTUtR-lnZkson/_buildManifest.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be7333e3a4a5b894c75897c9ef423c597bef93b72436b52a72ff03289313af51

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"466-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fe96b9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 _ssgManifest.js Show response
securityscorecard.com/security-rating/_next/static/EePSSBOYTTUtR-lnZkson/ 77 B
132 B 727ms
636ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/EePSSBOYTTUtR-lnZkson/_ssgManifest.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"4d-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fe96c9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
x-xss-protection: 0
server: cloudflare

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 425ms
47ms Stylesheet
text/css 2a02:26f0:480:f::213:7edb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=peb8cdj&ht=tk&f=139.173.175.5474.25136&a=44064139&app=typekit&e=css
Requested by: Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7edb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cache-control: public, max-age=604800
etag: "64fdb8fb-5"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: text/css
last-modified: Sun, 10 Sep 2023 12:39:23 GMT
server: nginx

GET
H2 200 cybersecurity-insiders.com.8461a029.png
securityscorecard.com/security-rating/_next/static/media/ 6 KB
6 KB 674ms
580ms Image
image/png 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/static/media/cybersecurity-insiders.com.8461a029.png

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c9058d3cabe6c9febe8eab4a6d85d4b9af96e59185edd282026ff264b63b9ed

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cf-cache-status: DYNAMIC
etag: W/"17c3-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/png
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fa9419b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
content-length: 6083
x-xss-protection: 0
server: cloudflare

GET
H2 200 helpnetsecurity.com.6cd7e869.png
securityscorecard.com/security-rating/_next/static/media/ 822 B
934 B 678ms
584ms Image
image/png 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/static/media/helpnetsecurity.com.6cd7e869.png

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6a54ece1f495bee9091eb1678b131ddb6dc9afe64a5e74b90c3fdeaa38d8b80

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cf-cache-status: DYNAMIC
etag: W/"336-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/png
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fa9429b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
content-length: 822
x-xss-protection: 0
server: cloudflare

GET
H2 200 techcrunch.com.9c8c1e41.png
securityscorecard.com/security-rating/_next/static/media/ 2 KB
2 KB 727ms
636ms Image
image/png 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/static/media/techcrunch.com.9c8c1e41.png

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eba2938e555771d98f451537eb6e9320c29ad44cb501ed56ed39df9cdd4b056f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cf-cache-status: DYNAMIC
etag: W/"8e4-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/png
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fd9fe96d9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
content-length: 2276
x-xss-protection: 0
server: cloudflare

GET
H2 200 email-decode.min.js Show response
securityscorecard.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
818 B 225ms
134ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"672b8df5-4d7"
x-content-type-options: nosniff
cf-ray: 8e05fd9fa9409b45-FRA
expires: Tue, 12 Nov 2024 12:19:24 GMT
date: Sun, 10 Nov 2024 12:19:24 GMT
content-type: application/javascript
last-modified: Wed, 06 Nov 2024 15:40:37 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 337 KB
112 KB 584ms
122ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TQH6FX

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e51adeaee2d31a1f1fad749ca944e85c69663e7ab2cf6453d1407066bc06dbd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Sun, 10 Nov 2024 12:19:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 10 Nov 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 114117
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ 286 KB
78 KB 487ms
50ms Script
application/javascript 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 3453fa3caf6fbc44c0541041b1ff2065afd67d1943e2461d7569962f1f575315

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://securityscorecard.com
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: br
x-goog-hash: crc32c=yjXPHQ==, md5=x+MYUQ7Gju14P0arwwsqlw==
etag: "c7e318510ec68eed783f46abc30b2a97"
age: 3143
x-goog-stored-content-encoding: br
expires: Sun, 10 Nov 2024 12:27:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 78991
date: Sun, 10 Nov 2024 11:27:02 GMT
last-modified: Wed, 06 Nov 2024 15:23:41 GMT
content-type: application/javascript
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY1HnsIn9Z22GblA0uj7b9xzkwmKKdzZAjw6aBVH_AZduDm-S8gQz12qB9WYj3kSiodVJGY
cache-control: public, max-age=3600,no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730906621007903
content-length: 78991
server: UploadServer

GET
H2 200 pendo.js Show response
cdn.pendo.io/agent/static/c18819ef-f185-46a7-6c2f-59bf376fc654/ 413 KB
136 KB 396ms
45ms Script
application/javascript 34.36.213.229
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pendo.io/agent/static/c18819ef-f185-46a7-6c2f-59bf376fc654/pendo.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.36.213.229 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

229.213.36.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

8be0f61ab5d9fb0629d1c8028b5471ff3b534e4faf3892e8d839ebb71e6c8238

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
content-encoding: gzip
x-goog-hash: crc32c=LpMrMQ==, md5=yysC8IvAVJf/AFKsvSWqow==
etag: "cb2b02f08bc05497ff0052acbd25aaa3"
age: 398
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 138999
date: Sun, 10 Nov 2024 12:12:47 GMT
last-modified: Thu, 30 Mar 2023 18:09:34 GMT
content-type: application/javascript
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY2nPo2ngl06uduqfUMU5e3ICGhJ0RuHjn51Ei1DU_95Yk6d-NVECNJA7kLKG1MG_zY8dW4
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: public,max-age=450
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1680199773893119
content-length: 138999
server: UploadServer

GET
H2 200 heap-714539924.js Show response
cdn.heapanalytics.com/js/ 117 KB
38 KB 501ms
151ms Script
application/javascript 13.32.27.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.heapanalytics.com/js/heap-714539924.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-116.fra56.r.cloudfront.net

Software

nginx / Express

Resource Hash

3688f35c17f1874031695f71cdb8f6c812d27bad36b38176881025aa415fb9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: br
etag: W/"1d5dd-iWoL0NuMWwYunhqUKFD06vngP1w"
age: 94
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: vZbJ7sK_qu2JepB5_jzHOY7RbfXmlNoXVGqwEIjUGJonuPuCkYCq1g==
date: Sun, 10 Nov 2024 12:17:51 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=120
cross-origin-resource-policy: cross-origin
via: 1.1 84f381696dd33e92960b92250106e464.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-powered-by: Express
server: nginx

GET
H2 200 arrow-right.b4e0a6f2.svg
securityscorecard.com/security-rating/_next/static/media/ 304 B
327 B 357ms
278ms Image
image/svg+xml 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/static/media/arrow-right.b4e0a6f2.svg

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bfdf2f470ec7fd4d6965efcddb2bb5e8438f74492658504e44bb3f2f229337c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"130-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda3fc019b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
x-xss-protection: 0
server: cloudflare

GET
H2 200 Inter-Regular.f1f0c35b.woff2
securityscorecard.com/security-rating/_next/static/media/ 97 KB
98 KB 518ms
474ms Font
font/woff2 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/media/Inter-Regular.f1f0c35b.woff2

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/_next/static/css/12eca9a40955af22.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://securityscorecard.com
Referer: https://securityscorecard.com/security-rating/_next/static/css/12eca9a40955af22.css

Response headers

cf-cache-status: DYNAMIC
etag: W/"18234-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: font/woff2
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c2e9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
content-length: 98868
x-xss-protection: 0
server: cloudflare

GET
H2 200 Inter-Medium.dc792b50.woff2
securityscorecard.com/security-rating/_next/static/media/ 103 KB
104 KB 515ms
471ms Font
font/woff2 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/media/Inter-Medium.dc792b50.woff2

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/_next/static/css/12eca9a40955af22.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://securityscorecard.com
Referer: https://securityscorecard.com/security-rating/_next/static/css/12eca9a40955af22.css

Response headers

cf-cache-status: DYNAMIC
etag: W/"19dc4-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: font/woff2
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c309b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
content-length: 105924
x-xss-protection: 0
server: cloudflare

GET
H2 200 Inter-Bold.579e0f95.woff2
securityscorecard.com/security-rating/_next/static/media/ 104 KB
104 KB 519ms
475ms Font
font/woff2 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/media/Inter-Bold.579e0f95.woff2

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/_next/static/css/12eca9a40955af22.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://securityscorecard.com
Referer: https://securityscorecard.com/security-rating/_next/static/css/12eca9a40955af22.css

Response headers

cf-cache-status: DYNAMIC
etag: W/"19e9c-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: font/woff2
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c319b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
content-length: 106140
x-xss-protection: 0
server: cloudflare

GET
H2 200 ssc-logo.ed089e2c.svg
securityscorecard.com/security-rating/_next/static/media/ 8 KB
3 KB 421ms
374ms Image
image/svg+xml 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/static/media/ssc-logo.ed089e2c.svg

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d1244f37e3bf6b821e0d192b73210dad032b8e4dbd32d6700fd223b3d41f8bb

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"2118-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c339b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 claimed-icon.7d993494.svg
securityscorecard.com/security-rating/_next/static/media/ 1 KB
633 B 421ms
375ms Image
image/svg+xml 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/static/media/claimed-icon.7d993494.svg

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e80d14ae57de0a88f85e1d248f7506b8030f6ada0bfdc700e41bd90145bf087

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"49a-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c359b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 breach.9bb96c83.svg
securityscorecard.com/security-rating/_next/static/media/ 9 KB
3 KB 450ms
404ms Image
image/svg+xml 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/static/media/breach.9bb96c83.svg

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34a7988eeb1f5fb88ba3bd62fd29eb25e12f54a56b6d7e1cc4d9144fefb9c3c6

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"2267-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c379b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 privacypolicy.e8729199.svg
securityscorecard.com/security-rating/_next/static/media/ 1 KB
657 B 422ms
376ms Image
image/svg+xml 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/static/media/privacypolicy.e8729199.svg

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43752775f3b87777ecbb7c476f2591b4b3a2904c89e4af1568b2cf2c7af6f4d3

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"40c-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c389b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 image
securityscorecard.com/security-rating/_next/ 2 KB
2 KB 582ms
537ms Image
image/webp 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/image?url=%2Fsecurity-rating%2F_next%2Fstatic%2Fmedia%2Faicpa.eaf60015.png&w=96&q=75

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b85c4484cf13337a8f117640b3baadac37db3b0dccb3cab8d490c6bf96172f8e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cf-cache-status: BYPASS
etag: uFxEhM8TM3qPEXZAs7qtrDfbOw3Ms8q41JDGv5YXL44=
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/webp
content-disposition: inline; filename="aicpa.webp"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c399b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
content-length: 2050
x-nextjs-cache: HIT
x-xss-protection: 0
cf-apo-via: origin,page-rules
server: cloudflare

GET
H2 200 image
securityscorecard.com/security-rating/_next/ 2 KB
2 KB 588ms
543ms Image
image/webp 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/image?url=%2Fsecurity-rating%2F_next%2Fstatic%2Fmedia%2Fiso.34ae3f0f.png&w=96&q=75

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fbfc6d373f13e94dbd41619f5ff38f1991237ee85008e71fc3f9166aa63a3d5

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cf-cache-status: BYPASS
etag: b7-G03PxPpTb1BYZ9f848ZkSN+6FAI5x-D+RZqpjo9U=
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/webp
content-disposition: inline; filename="iso.webp"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c3a9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
content-length: 1864
x-nextjs-cache: HIT
x-xss-protection: 0
cf-apo-via: origin,page-rules
server: cloudflare

GET
H2 200 image
securityscorecard.com/security-rating/_next/ 748 B
947 B 585ms
540ms Image
image/webp 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/image?url=%2Fsecurity-rating%2F_next%2Fstatic%2Fmedia%2Fnist.d9072d37.png&w=96&q=75

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fb1a7c06d9ece0f9206bf0046a3b0a166f93ccd1f4e19c5475bdd21e499d1c2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cf-cache-status: BYPASS
etag: D7GnwG2ezg+SBr8ARqOwoWb5PM0fThnFR1vdIeSZ0cI=
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/webp
content-disposition: inline; filename="nist.webp"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda44c3b9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
content-length: 748
x-nextjs-cache: HIT
x-xss-protection: 0
cf-apo-via: origin,page-rules
server: cloudflare

GET
H2 200 ssc-logo-badge-1.8891ced8.svg
securityscorecard.com/security-rating/_next/static/media/ 8 KB
3 KB 437ms
392ms Image
image/svg+xml 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securityscorecard.com/security-rating/_next/static/media/ssc-logo-badge-1.8891ced8.svg

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce46e661cba8e7c02e53af96c7cbb3d2d0565577b08d2aeda00a9c2d8c864554

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"204a-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:25 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fda48c5e9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 web Show response
edge.fullstory.com/s/settings/35500/v1/ 7 KB
2 KB 51ms
39ms XHR
application/json 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/settings/35500/v1/web
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: dfd2abc498a49aa0ec151e52e9fb57430b461df256580a85c537dfdcbc8774ac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=WWPWRg==, md5=BGH8LhbSOjY84W8QMVShaw==
etag: "0461fc2e16d23a363ce16f103154a16b"
age: 804
x-goog-stored-content-encoding: gzip
expires: Sun, 10 Nov 2024 12:21:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 1394
date: Sun, 10 Nov 2024 12:06:01 GMT
last-modified: Sun, 10 Nov 2024 12:04:30 GMT
content-type: application/json
x-guploader-uploadid: AHmUCY2uKNoMb5w2MTZJKTTSUpLRANYXie3vXOhMvkLDFdzqJyBmiZXzF0ZZWVS9kRafcBnoa20
cache-control: public,max-age=900,no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730907270779581
content-length: 1394
server: UploadServer

GET
H2 200 h
heapanalytics.com/ 37 B
378 B 409ms
118ms Image
image/gif 34.192.1.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heapanalytics.com/h?a=714539924&u=579033209801547&v=7994149373443939&s=643387506284836&b=web&tv=4.0&z=0&h=%2Fsecurity-rating%2Fmerccap.com&d=securityscorecard.com&t=Merccap%20Cyber%20Security%20Rating%20%26%20Vendor%20Risk%20Report%20%7C%20SecurityScorecard&ts=1731241165808&sch=1200&scw=1600&st=1731241165931&lv=4.23.4&ld=cdn.heapanalytics.com

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.1.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-1-90.compute-1.amazonaws.com

Software

nginx /

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
access-control-allow-methods: POST, PUT, GET
access-control-allow-origin: *
content-length: 37
date: Sun, 10 Nov 2024 12:19:26 GMT
content-type: image/gif
server: nginx
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 110 KB
34 KB 236ms
110ms Script
application/javascript 2a02:26f0:3500:18::1724:a29d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574
Requested by: Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

access-control-expose-headers: Request-Context
cache-control: public, max-age=206
content-encoding: gzip
etag: "42d4c62e8219db1:0"
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
expires: Sun, 10 Nov 2024 12:22:52 GMT
accept-ranges: bytes
content-length: 34533
date: Sun, 10 Nov 2024 12:19:26 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 13:01:25 GMT
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 426 KB
132 KB 71ms
68ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-NMMJ3760R6&l=dataLayer&cx=c&gtm=45He4b70v72427736za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQH6FX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

154b318ffdeb808a48bbb7ce56fdc7e43e107584d955f1cbd8beb50730615f42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sun, 10 Nov 2024 12:19:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 10 Nov 2024 12:19:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 135057
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 datadog-rum-v4.js Show response
www.datadoghq-browser-agent.com/ 150 KB
50 KB 224ms
84ms Script
application/javascript 13.33.219.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
Requested by: Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.219.205 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-219-205.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

vary: accept-encoding
cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
content-encoding: gzip
etag: W/"2630b3d7ad4a41fac67742216e506d83"
age: 21
via: 1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: uJmLvTdk8MWrGok_eYGx88jEB3igXbQZzCqwr6solIVn3MEPPAStjQ==
date: Sun, 10 Nov 2024 12:19:05 GMT
content-type: application/javascript
last-modified: Mon, 09 Oct 2023 11:26:13 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P10
x-amz-server-side-encryption: AES256

GET
H2 200 qualified.js Show response
js.qualified.com/ 1 MB
245 KB 205ms
82ms Script
text/javascript 104.18.16.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQH6FX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.16.5 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7fae34e315202714edc06cf36afa78141f587df60a37b0118d538725fea4b4c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

x-request-id: 93a5eca1-c917-4efe-8748-027409405ee4
content-encoding: gzip
cf-cache-status: HIT
etag: W/"b1b8e1e7ecdc311ab86159e7a5904f07"
age: 14527
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
x-cache: miss
date: Sun, 10 Nov 2024 12:19:26 GMT
content-type: text/javascript; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.034922
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: max-age=60, public, stale-while-revalidate=60, stale-if-error=300, s-maxage=86400
x-envoy-upstream-service-time: 59
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8e05fdabbb78e506-TXL
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 scorecards Show response
securityscorecard.com/security-rating/api/ 319 B
306 B 329ms
266ms Fetch
application/json 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/api/scorecards

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f7d8ce0f93e7028f01b8834dc0d8b9e3874ba5d493025efb2e5ec0edebb550e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"nczs8i7jop8v"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fdac78e39b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
x-xss-protection: 0
server: cloudflare

POST
H2 202 page Show response
rs.fullstory.com/rec/ 94 B
295 B 343ms
149ms XHR
text/plain 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rs.fullstory.com/rec/page

Requested by

Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

58.194.186.35.bc.googleusercontent.com

Software

Resource Hash

2ea77eca57b273b991e34787afb79880972c0ad6c6612b16e3402e2cde1b910c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
access-control-allow-origin: https://securityscorecard.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94
date: Sun, 10 Nov 2024 12:19:26 GMT
content-type: text/plain; charset=utf-8

GET
H2 200 269-fa8653fc915fb808.js
securityscorecard.com/security-rating/_next/static/chunks/ 0
7 KB 295ms
275ms Other
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/269-fa8653fc915fb808.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/_next/static/chunks/main-12d16fde52b687be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
etag: W/"6272-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fdac88f89b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
cf-apo-via: origin,page-rules
server: cloudflare

GET
H2 200 index-d811653f086255bd.js
securityscorecard.com/security-rating/_next/static/chunks/pages/ 0
463 B 290ms
279ms Other
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/pages/index-d811653f086255bd.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/_next/static/chunks/main-12d16fde52b687be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
etag: W/"19a-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fdac88f99b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
x-xss-protection: 0
cf-apo-via: origin,page-rules
server: cloudflare

GET
H2 200 %5Bcategory%5D-e2f4eb8a0b935685.js
securityscorecard.com/security-rating/_next/static/chunks/pages/companies/ 0
1 KB 545ms
534ms Other
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/pages/companies/%5Bcategory%5D-e2f4eb8a0b935685.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/_next/static/chunks/main-12d16fde52b687be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
etag: W/"114-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fdac88fa9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
x-xss-protection: 0
cf-apo-via: origin,page-rules
server: cloudflare

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 186ms
49ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-NMMJ3760R6&gtm=45je4b70v877024657z872427736za200zb72427736&_p=1731241164637&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&cid=2120840260.1731241167&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1731241166&sct=1&seg=0&dl=https%3A%2F%2Fsecurityscorecard.com%2Fsecurity-rating%2Fmerccap.com&dt=Merccap%20Cyber%20Security%20Rating%20%26%20Vendor%20Risk%20Report%20%7C%20SecurityScorecard&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4698
Requested by: Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://securityscorecard.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
548 B 185ms
48ms Ping
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-NMMJ3760R6&cid=2120840260.1731241167&gtm=45je4b70v877024657z872427736za200zb72427736&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101823848~101925629
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NMMJ3760R6&l=dataLayer&cx=c&gtm=45He4b70v72427736za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://securityscorecard.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 164ms
86ms Image
image/gif 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NMMJ3760R6&cid=2120840260.1731241167&gtm=45je4b70v877024657z872427736za200zb72427736&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101823848~101925629&tag_exp=101823848~101925629&z=1824654231

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Sun, 10 Nov 2024 12:19:27 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame D419 0
0 141ms
43ms Document
text/html 2a02:26f0:3500:887::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://securityscorecard.com/security-rating/merccap.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=31297270
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 10 Nov 2024 12:19:27 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Fri, 07 Nov 2025 18:00:37 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1731241167381_388276619_1425515728_20_844_45_41_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 cc.js Show response
consent.cookiebot.com/8460383f-9939-486d-8fa8-150c23f92574/ 319 KB
91 KB 293ms
293ms Script
application/x-javascript 2a02:26f0:3500:18::1724:a29d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/8460383f-9939-486d-8fa8-150c23f92574/cc.js?renew=false&referer=securityscorecard.com&dnt=false&init=false&georegions=%5B%7B%22r%22%3A%22us-06%22%2C%22i%22%3A%228460383f-9939-486d-8fa8-150c23f92574%22%7D%2C%7B%22r%22%3A%22AT%2CBE%2CBG%2CHR%2CCY%2CCZ%2CDK%2CEE%2CFI%2CFR%2CDE%2CGB%2CGR%2CHU%2CIE%2CIT%2CLV%2CLT%2CLU%2CMT%2CNL%2CPL%2CPT%2CRO%2CSK%2CSI%2CES%2CSE%22%2C%22i%22%3A%22a4c8b8d7-448a-48a6-8820-58af1d923a63%22%7D%5D
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 0308476066e743950697f4750c1290fb0664d6987e8dae9b1e108bb60c660b2e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

cache-control: private, max-age=1200
access-control-expose-headers: Request-Context
content-encoding: gzip
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
content-length: 93194
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Sun, 10 Nov 2024 12:19:27 GMT
vary: Accept-Encoding

POST
H2 403 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 155 B
391 B 537ms
231ms Fetch
application/json 2600:1f18:24e6:b900:1b27:42c5:4fd7:dc46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Assc-marketing-web&dd-api-key=pubd51b3ccf1f19ec89526be473d38d64bd&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=f515bb28-fa23-4add-bc70-a3327446279a&batch_time=1731241167628

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:24e6:b900:1b27:42c5:4fd7:dc46 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

693269a46847e8ce081b85639c7cdcf53e8c52c083c09e9b82bb519375763b37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
content-length: 155
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/json
dd-request-id: f515bb28-fa23-4add-bc70-a3327446279a

POST
H2 403 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 155 B
216 B 536ms
236ms Fetch
application/json 2600:1f18:24e6:b900:1b27:42c5:4fd7:dc46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Assc-marketing-web&dd-api-key=pubd51b3ccf1f19ec89526be473d38d64bd&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=4e5af27c-c7de-483b-82f5-a7265d3ca3ae&batch_time=1731241167636

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:24e6:b900:1b27:42c5:4fd7:dc46 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

37f8d07de54e82b6f510ec31a93b217c903ab824d390a9c9dd5cae8e96a8581a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
content-length: 155
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/json
dd-request-id: 4e5af27c-c7de-483b-82f5-a7265d3ca3ae

GET
H/1.1 200
OK 1.gif
imgsct.cookiebot.com/ 35 B
788 B 155ms
43ms Image
image/gif 2a02:26f0:3500:886::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgsct.cookiebot.com/1.gif?dgi=8460383f-9939-486d-8fa8-150c23f92574
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:886::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

x-goog-metageneration: 1
Access-Control-Expose-Headers: *
x-goog-hash: crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
ETag: "c2196de8ba412c60c22ab491af7b1409"
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 35
Date: Sun, 10 Nov 2024 12:19:27 GMT
Last-Modified: Mon, 23 Oct 2023 11:39:32 GMT
Content-Type: image/gif
X-GUploader-UploadID: AHmUCY3x0uMyBicFiO4QFahi3yEEZuTi5JBKYWdwhr1VQooQVwLkIhpPqm_phry4ZkI_Uy1BAqz9E8HUXQ
Cache-Control: public,max-age=1800
x-goog-storage-class: STANDARD
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
x-goog-generation: 1698061172769999
Content-Length: 35
Server: UploadServer

GET c18819ef-f185-46a7-6c2f-59bf376fc654
app.pendo.io/data/ptm.gif/ 0
0

GET
H2 401 c18819ef-f185-46a7-6c2f-59bf376fc654 Show response
app.pendo.io/data/guide.json/ 31 B
314 B 281ms
156ms XHR
text/plain 34.107.204.85
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.pendo.io/data/guide.json/c18819ef-f185-46a7-6c2f-59bf376fc654?id=4&jzb=eJx9jk1LxDAQhv_LnNemrcJKb4J78OAHrAviJQzpUCNpEiaTgkj_-04vxZO3zDPPvHl_YfHFS-KnEQawb6eXx1f7bpfwfPyg79Pt5RMOgM6lGmVTYg3hAJWD2l8iuQzGFHKVvfwUl5gc8ti4NO_0hlF8nMxM7BzmbaeRMwmOKAjD3mB7-n9aBIxTxYnUoGgvZ1j3ZnqqQ0amKA9_kX6x-V1rus70bX-nOQtx8Skq7pvueN-0NnMaYV2vgX9Ziw&v=2.178.0_prod&ct=1731241167851

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

85.204.107.34.bc.googleusercontent.com

Software

istio-envoy /

Resource Hash

e3816d4f22ab4093f9b9dbd82bd18942561067ed32a45a1d536b3acf2c3c4c06

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

strict-transport-security: max-age=63072000
access-control-max-age: 600
cache-control: no-store
x-envoy-upstream-service-time: 1
access-control-allow-credentials: false
x-content-type-options: nosniff
access-control-allow-methods: GET,POST
via: 1.1 google
access-control-allow-origin: *
alt-svc: clear
content-length: 31
date: Sun, 10 Nov 2024 12:19:28 GMT
content-type: text/plain; charset=utf-8
server: istio-envoy
access-control-allow-headers: *

GET
H2 401 c18819ef-f185-46a7-6c2f-59bf376fc654 Show response
app.pendo.io/data/guide.gif/ 31 B
95 B 285ms
161ms XHR
text/plain 34.107.204.85
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.pendo.io/data/guide.gif/c18819ef-f185-46a7-6c2f-59bf376fc654?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1731241167852&v=2.178.0_prod

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

85.204.107.34.bc.googleusercontent.com

Software

istio-envoy /

Resource Hash

e3816d4f22ab4093f9b9dbd82bd18942561067ed32a45a1d536b3acf2c3c4c06

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

strict-transport-security: max-age=63072000
access-control-max-age: 600
cache-control: no-store
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
x-content-type-options: nosniff
access-control-allow-methods: GET,POST
via: 1.1 google
access-control-allow-origin: *
alt-svc: clear
content-length: 31
date: Sun, 10 Nov 2024 12:19:28 GMT
content-type: text/plain; charset=utf-8
server: istio-envoy
access-control-allow-headers: *

GET
H2 200 favicon.98a8ded6.svg
securityscorecard.com/security-rating/_next/static/media/ 508 B
494 B 278ms
277ms Other
image/svg+xml 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/media/favicon.98a8ded6.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71c597eff7e2b2fbc08768496925ea6a8e29cd7a4cc5554d6d7556bc15a0771d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"1fc-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:28 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fdb34d079b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
x-xss-protection: 0
server: cloudflare

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 781c54d1986b08470b7723ee37480516cf35a859eda5b4f549028016416d19fa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 299 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7792735ba28d6997c9a5f9b87e19729143d1c649ed3c451638c3059628b171

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 145 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f393df311564b9adc496cbabb2361eb19d59bf683ce16be7efa4f1a20271afa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 973 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: feeff1b73fc856bbaa909aecd74cd3918a41d2f0642b773831da45ad969317e9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 269-fa8653fc915fb808.js Show response
securityscorecard.com/security-rating/_next/static/chunks/ 25 KB
0 0ms
0ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/269-fa8653fc915fb808.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/_next/static/chunks/main-12d16fde52b687be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73e31d56591e9c13327b0cec29c6750ac3c2d66b9d9b817ebdfe4748a163518d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
etag: W/"6272-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fdac88f89b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
cf-apo-via: origin,page-rules
server: cloudflare

GET
H2 200 index-d811653f086255bd.js Show response
securityscorecard.com/security-rating/_next/static/chunks/pages/ 410 B
0 0ms
0ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/pages/index-d811653f086255bd.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/_next/static/chunks/main-12d16fde52b687be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ee8788bcb324fdfdc257960778d7be42c154395d3a3d85697df4f8ad527a1ca

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
etag: W/"19a-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fdac88f99b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
x-xss-protection: 0
cf-apo-via: origin,page-rules
server: cloudflare

GET
H2 200 %5Bcategory%5D-e2f4eb8a0b935685.js Show response
securityscorecard.com/security-rating/_next/static/chunks/pages/companies/ 276 B
0 2ms
2ms Script
application/javascript 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/chunks/pages/companies/%5Bcategory%5D-e2f4eb8a0b935685.js

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/_next/static/chunks/main-12d16fde52b687be.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a89398e06a690db1f215439e6f142ae7e07624623279cfbd7dea71aa7066400

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
etag: W/"114-192976143f8"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 16 Oct 2024 22:09:47 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fdac88fa9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
x-xss-protection: 0
cf-apo-via: origin,page-rules
server: cloudflare

POST
H2 403 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 155 B
215 B 133ms
110ms Fetch
application/json 2600:1f18:24e6:b900:1b27:42c5:4fd7:dc46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Assc-marketing-web&dd-api-key=pubd51b3ccf1f19ec89526be473d38d64bd&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=a45298fe-9d4b-4100-8ee0-64e6a5c74364&batch_time=1731241168169

Requested by

Host: securityscorecard.com
URL: https://securityscorecard.com/security-rating/merccap.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:24e6:b900:1b27:42c5:4fd7:dc46 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

586e2ae0d52fe0ee29071d0047264e7a2ca0e145dc4cc94a1f523117953b2b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
content-length: 155
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
date: Sun, 10 Nov 2024 12:19:27 GMT
content-type: application/json
dd-request-id: a45298fe-9d4b-4100-8ee0-64e6a5c74364

GET
H2 200 favicon.b414921f.ico
securityscorecard.com/security-rating/_next/static/media/ 15 KB
3 KB 285ms
283ms Other
image/x-icon 2606:4700::6810:e350
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityscorecard.com/security-rating/_next/static/media/favicon.b414921f.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e350 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d10c65f39545e0e2b92955accabd80892528f639c9797ead97b0fd0e08e5bda8

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://securityscorecard.com/security-rating/merccap.com

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"3aee-1929760f1f0"
x-content-type-options: nosniff
date: Sun, 10 Nov 2024 12:19:28 GMT
content-type: image/x-icon
last-modified: Wed, 16 Oct 2024 22:09:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
cache-control: public, max-age=2592000, stale-if-error=86400
referrer-policy: no-referrer-when-downgrade
cf-ray: 8e05fdb55e2a9b45-FRA
permissions-policy: fullscreen 'self' https://*.securityscorecard.com https://securityscorecard.com; geolocation 'self' https://securityscorecard.com; camera 'none';
accept-ranges: bytes
x-xss-protection: 0
server: cloudflare

GET
H2 200 messenger
app.qualified.com/w/1/596DnzD85Gz1Abe4/ Frame 1ABA 0
0 507ms
394ms Document
text/html 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/596DnzD85Gz1Abe4/messenger?uuid=e355dcba-54d9-45ac-b4a7-9a3101c5a007

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.17.5 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityscorecard.com/security-rating/merccap.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8e05fdb93963e51b-TXL
content-encoding: gzip
content-security-policy
content-type: text/html; charset=utf-8
date: Sun, 10 Nov 2024 12:19:29 GMT
link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
server-timing: cfCacheStatus;desc="DYNAMIC"
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-cache: miss
x-content-type-options: nosniff
x-download-options: noopen
x-envoy-upstream-service-time: 19
x-permitted-cross-domain-policies: none
x-request-id: 2c296226-96ba-4fd7-9947-11d973fc5de4
x-runtime: 0.017774
x-xss-protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: app.pendo.io
URL: https://app.pendo.io/data/ptm.gif/c18819ef-f185-46a7-6c2f-59bf376fc654?v=2.178.0_prod&ct=1731241167845&jzb=eJzNUU1v4jAQ_S8-p0kcExy4oW6Equ3HSoBKqVaWcbzUyInTiRNEEf8dG7ZRT9wq1SfPmzdP7828HpDd1xKNUSktRwFag9k1EphVpUMxJTgZYDykWUID1KlGWQNMFW6A_ckffz2xOev0A13KbU4WKyfAhTBtZc-cqtU6QC1oR3-ztm7GUdRI0YKy-0YYkIJDEQpT9ugNcKuqTVRKEILXvuc0azB1g8aHTwP-e82D5tWm5RsfS1ZsMUPH3pcbdUXNQVZ28hUquPV8HEcYR0mcDJxOJ6FRpnJwEmKahTFzTgqvdhGY8_VdH9NeCrR8Frftu3jR3SqFqTZO5x_wUp6b292E1Pl9_jvGH1MxU37jeytdOJKlx6C_hja8uHYNQn7ANbzJ_9bSeJiGWewfHsWUuCzfsKOEjo5_T6Vp4ic

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.securityscorecard.com/	1970-01-21 10:21:58	Name: _hp2_id.714539924 Value: %7B%22userId%22%3A%22579033209801547%22%2C%22pageviewId%22%3A%227994149373443939%22%2C%22sessionId%22%3A%22643387506284836%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.securityscorecard.com/	1970-01-21 00:54:02	Name: _hp2_ses_props.714539924 Value: %7B%22ts%22%3A1731241165808%2C%22d%22%3A%22securityscorecard.com%22%2C%22h%22%3A%22%2Fsecurity-rating%2Fmerccap.com%22%7D
.securityscorecard.com/	1970-01-21 10:30:01	Name: _ga_NMMJ3760R6 Value: GS1.1.1731241166.1.0.1731241166.60.0.0
.securityscorecard.com/	1970-01-21 10:30:01	Name: _ga Value: GA1.1.2120840260.1731241167
.securityscorecard.com/	1970-01-21 10:30:01	Name: __q_state_596DnzD85Gz1Abe4 Value: eyJ1dWlkIjoiZTM1NWRjYmEtNTRkOS00NWFjLWI0YTctOWEzMTAxYzVhMDA3IiwiY29va2llRG9tYWluIjoic2VjdXJpdHlzY29yZWNhcmQuY29tIn0=
securityscorecard.com/	1970-01-21 00:54:02	Name: _dd_s Value: rum=2&id=8adaecd3-26ab-45d1-9c74-96e27bee4312&created=1731241167186&expire=1731242067186

78 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	Message: Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
security	error	URL: https://securityscorecard.com/security-rating/merccap.com Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.cookiebot.com'
security	error	URL: https://securityscorecard.com/security-rating/merccap.com Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://securityscorecard.com/security-rating/merccap.com Message: The source list for the Content Security Policy directive 'img-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://securityscorecard.com/security-rating/merccap.com Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.heapanalytics.com'. It will be ignored.
security	error	URL: https://securityscorecard.com/security-rating/merccap.com Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://securityscorecard.com/security-rating/merccap.com Message: The source list for the Content Security Policy directive 'font-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://securityscorecard.com/security-rating/merccap.com Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://securityscorecard.com/security-rating/merccap.com Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.cookiebot.com'
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'img-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.heapanalytics.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'font-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.cookiebot.com'
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'img-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.heapanalytics.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'font-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://edge.fullstory.com/s/fs.js(Line 3) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.cookiebot.com'
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'img-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.heapanalytics.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'font-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.cookiebot.com'
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'img-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.heapanalytics.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'font-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.cookiebot.com'
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'img-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.heapanalytics.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'font-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.cookiebot.com'
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'img-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.heapanalytics.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'font-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://consent.cookiebot.com/uc.js?cbid=8460383f-9939-486d-8fa8-150c23f92574(Line 1) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.auryc.com'. It will be ignored.
network	error	URL: https://app.pendo.io/data/guide.json/c18819ef-f185-46a7-6c2f-59bf376fc654?id=4&jzb=eJx9jk1LxDAQhv_LnNemrcJKb4J78OAHrAviJQzpUCNpEiaTgkj_-04vxZO3zDPPvHl_YfHFS-KnEQawb6eXx1f7bpfwfPyg79Pt5RMOgM6lGmVTYg3hAJWD2l8iuQzGFHKVvfwUl5gc8ti4NO_0hlF8nMxM7BzmbaeRMwmOKAjD3mB7-n9aBIxTxYnUoGgvZ1j3ZnqqQ0amKA9_kX6x-V1rus70bX-nOQtx8Skq7pvueN-0NnMaYV2vgX9Ziw&v=2.178.0_prod&ct=1731241167851 Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://app.pendo.io/data/guide.gif/c18819ef-f185-46a7-6c2f-59bf376fc654?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1731241167852&v=2.178.0_prod Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Assc-marketing-web&dd-api-key=pubd51b3ccf1f19ec89526be473d38d64bd&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=f515bb28-fa23-4add-bc70-a3327446279a&batch_time=1731241167628 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Assc-marketing-web&dd-api-key=pubd51b3ccf1f19ec89526be473d38d64bd&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=4e5af27c-c7de-483b-82f5-a7265d3ca3ae&batch_time=1731241167636 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Assc-marketing-web&dd-api-key=pubd51b3ccf1f19ec89526be473d38d64bd&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=a45298fe-9d4b-4100-8ee0-64e6a5c74364&batch_time=1731241168169 Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.cookiebot.com'
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'img-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.heapanalytics.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'font-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.cookiebot.com'
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'img-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.heapanalytics.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'font-src' contains an invalid source: '.auryc.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.crazyegg.com'. It will be ignored.
security	error	URL: https://js.qualified.com/qualified.js?token=596DnzD85Gz1Abe4(Line 2) Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '.auryc.com'. It will be ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://.qualified.com wss://.qualified.com .auryc.com https://.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.pendo.io
app.qualified.com
cdn.heapanalytics.com
cdn.pendo.io
client-registry.mutinycdn.com
consent.cookiebot.com
consentcdn.cookiebot.com
edge.fullstory.com
heapanalytics.com
imgsct.cookiebot.com
js.qualified.com
p.typekit.net
region1.analytics.google.com
rs.fullstory.com
rum.browser-intake-datadoghq.com
securityscorecard.com
stats.g.doubleclick.net
www.datadoghq-browser-agent.com
www.google.de
www.googletagmanager.com
www.merccap.com
app.pendo.io
104.18.16.5
104.18.17.5
13.32.27.116
13.33.219.205
142.250.184.227
15.197.225.128
151.101.129.91
2001:4860:4802:34::36
2600:1f18:24e6:b900:1b27:42c5:4fd7:dc46
2606:4700::6810:e350
2a00:1450:4001:830::2008
2a00:1450:400c:c0c::9b
2a02:26f0:3500:18::1724:a29d
2a02:26f0:3500:886::f09
2a02:26f0:3500:887::f09
2a02:26f0:480:f::213:7edb
34.107.204.85
34.192.1.90
34.36.213.229
35.186.194.58
35.201.112.186
014f7d221ab65baa1bad266369da6e27a9feb0998e721f57d57da3ddb1a1cd41
0308476066e743950697f4750c1290fb0664d6987e8dae9b1e108bb60c660b2e
0bfdf2f470ec7fd4d6965efcddb2bb5e8438f74492658504e44bb3f2f229337c
0e073b2c57b4ca384b1632f85aa2377f4a56f9f401144661a9a3fcdfa0eda7d8
0fb1a7c06d9ece0f9206bf0046a3b0a166f93ccd1f4e19c5475bdd21e499d1c2
154b318ffdeb808a48bbb7ce56fdc7e43e107584d955f1cbd8beb50730615f42
1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6
1bbeffbece52558173b666e557f91a147b39d2c7ed5aeff57653d25e8f555fbc
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1fafa19b262056af7249123215f0168c5f78ce5cf74be5170169cd65716934a4
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2ea77eca57b273b991e34787afb79880972c0ad6c6612b16e3402e2cde1b910c
3453fa3caf6fbc44c0541041b1ff2065afd67d1943e2461d7569962f1f575315
34a7988eeb1f5fb88ba3bd62fd29eb25e12f54a56b6d7e1cc4d9144fefb9c3c6
3688f35c17f1874031695f71cdb8f6c812d27bad36b38176881025aa415fb9db
37f8d07de54e82b6f510ec31a93b217c903ab824d390a9c9dd5cae8e96a8581a
3b7792735ba28d6997c9a5f9b87e19729143d1c649ed3c451638c3059628b171
3ea4741c2bc3e9dd1b95e2054b78192e90afea9743554241161ba05b78722493
40bb920d45b62bef7b5f41862dac72d63df583e2a60b56f665e4116940cdb881
41c52dce132868a64a151479c471b8b5671cc4096988368941c9f5e1f037a492
43752775f3b87777ecbb7c476f2591b4b3a2904c89e4af1568b2cf2c7af6f4d3
4f393df311564b9adc496cbabb2361eb19d59bf683ce16be7efa4f1a20271afa
586e2ae0d52fe0ee29071d0047264e7a2ca0e145dc4cc94a1f523117953b2b1a
5c9058d3cabe6c9febe8eab4a6d85d4b9af96e59185edd282026ff264b63b9ed
5ee8788bcb324fdfdc257960778d7be42c154395d3a3d85697df4f8ad527a1ca
693269a46847e8ce081b85639c7cdcf53e8c52c083c09e9b82bb519375763b37
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d1244f37e3bf6b821e0d192b73210dad032b8e4dbd32d6700fd223b3d41f8bb
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
6fbfc6d373f13e94dbd41619f5ff38f1991237ee85008e71fc3f9166aa63a3d5
71c597eff7e2b2fbc08768496925ea6a8e29cd7a4cc5554d6d7556bc15a0771d
73e31d56591e9c13327b0cec29c6750ac3c2d66b9d9b817ebdfe4748a163518d
781c54d1986b08470b7723ee37480516cf35a859eda5b4f549028016416d19fa
7eb0e897d90cafb487c4a16797f27ef95f8f7a308906ed4d7bbad87bd0844cd0
7fae34e315202714edc06cf36afa78141f587df60a37b0118d538725fea4b4c0
8a89398e06a690db1f215439e6f142ae7e07624623279cfbd7dea71aa7066400
8be0f61ab5d9fb0629d1c8028b5471ff3b534e4faf3892e8d839ebb71e6c8238
8e4474a3f93ab13af0f1e9faa23e17fd1713a949f86a6933a594d44a8b847555
8e80d14ae57de0a88f85e1d248f7506b8030f6ada0bfdc700e41bd90145bf087
9f7d8ce0f93e7028f01b8834dc0d8b9e3874ba5d493025efb2e5ec0edebb550e
ad5dcc4e01dab6422e6e5c6b3e67267079b6a145fe17981fe1e21688cc118eb4
b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5
b6a54ece1f495bee9091eb1678b131ddb6dc9afe64a5e74b90c3fdeaa38d8b80
b85c4484cf13337a8f117640b3baadac37db3b0dccb3cab8d490c6bf96172f8e
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be7333e3a4a5b894c75897c9ef423c597bef93b72436b52a72ff03289313af51
c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7
cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a
ce46e661cba8e7c02e53af96c7cbb3d2d0565577b08d2aeda00a9c2d8c864554
d0da5049082833ca908a101ec696716d9feba5aa6a3fd5ebaaf773abb8d4eb10
d10c65f39545e0e2b92955accabd80892528f639c9797ead97b0fd0e08e5bda8
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
dfd2abc498a49aa0ec151e52e9fb57430b461df256580a85c537dfdcbc8774ac
e0cf8e8868ecbeca608cb044fb2aa94e249c109189166642f79e23a2fa919c74
e3816d4f22ab4093f9b9dbd82bd18942561067ed32a45a1d536b3acf2c3c4c06
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51adeaee2d31a1f1fad749ca944e85c69663e7ab2cf6453d1407066bc06dbd4
eba2938e555771d98f451537eb6e9320c29ad44cb501ed56ed39df9cdd4b056f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
feeff1b73fc856bbaa909aecd74cd3918a41d2f0642b773831da45ad969317e9

securityscorecard.com Open in urlscan Pro 2606:4700::6810:e350 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

64 Requests

98 %HTTPS

43 %IPv6

15 Domains

21 Subdomains

21 IPs

4 Countries

2011 kBTransfer

6004 kBSize

6 Cookies

38 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityscorecard.com Open in urlscan Pro
2606:4700::6810:e350 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

98 %
HTTPS

43 %
IPv6

15
Domains

21
Subdomains

21
IPs

4
Countries

2011 kB
Transfer

6004 kB
Size

6
Cookies

64 HTTP transactions
4 data transactions