urlscan.io logo urlscan.io
SecurityTrails logo

paypal.helden.dev Open in urlscan Pro
140.82.38.210  Public Scan

Go To Rescan Add Verdict Report
URL: https://paypal.helden.dev/
Submission: On September 01 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 5 domains to perform 11 HTTP transactions. The main IP is 140.82.38.210, located in Frankfurt am Main, Germany and belongs to AS-CHOOPA, US. The main domain is paypal.helden.dev.
TLS certificate: Issued by R11 on September 1st 2024. Valid for: 3 months.
This is the only time paypal.helden.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 140.82.38.210 20473 (AS-CHOOPA)
1 2400:52e0:1e0... 60068 (CDN77 _)
2 3 2606:4700::68... 13335 (CLOUDFLAR...)
1 151.101.1.21 54113 (FASTLY)
1 151.101.3.1 54113 (FASTLY)
3 192.229.221.25 15133 (EDGECAST)
2 151.101.131.1 54113 (FASTLY)
11 8
2    140.82.38.210 (Frankfurt am Main, Germany)

ASN20473 (AS-CHOOPA, US)
PTR: 140.82.38.210.vultrusercontent.com
paypal.helden.dev
1    2400:52e0:1e00::1081:1 (Germany)

ASN60068 (CDN77 _, GB)
fonts.bunny.net
3    2606:4700::6811:f6cb (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
1    151.101.1.21 (San Francisco, United States)

ASN54113 (FASTLY, US)
www.paypal.com
1    151.101.3.1 (San Francisco, United States)

ASN54113 (FASTLY, US)
www.sandbox.paypal.com
3    192.229.221.25 (United States)

ASN15133 (EDGECAST, US)
www.paypalobjects.com
2    151.101.131.1 (San Francisco, United States)

ASN54113 (FASTLY, US)
www.sandbox.paypal.com
Apex Domain
Subdomains		 Transfer
4 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3677
www.sandbox.paypal.com — Cisco Umbrella Rank: 75089
85 KB
3 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 3281
6 KB
3 unpkg.com
unpkg.com — Cisco Umbrella Rank: 1314
324 KB
2 helden.dev
paypal.helden.dev
4 KB
1 bunny.net
fonts.bunny.net — Cisco Umbrella Rank: 15346
1 KB
11 5
Domain Requested by
3 www.paypalobjects.com paypal.helden.dev
3 www.sandbox.paypal.com www.paypal.com
3 unpkg.com 2 redirects paypal.helden.dev
2 paypal.helden.dev
1 www.paypal.com paypal.helden.dev
1 fonts.bunny.net paypal.helden.dev
11 6

This site contains no links.

Subject Issuer Validity Valid
paypal.helden.dev
R11		 2024-09-01 -
2024-11-30		 3 months crt.sh
fonts.bunny.net
R11		 2024-08-19 -
2024-11-17		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-02-08 -
2025-02-08		 a year crt.sh
www.sandbox.paypal.com
DigiCert EV RSA CA G2		 2024-02-05 -
2025-02-04		 a year crt.sh

This page contains 3 frames:

Primary Page: https://paypal.helden.dev/
Frame ID: C12D907A387C6E49A5690730704AE2AC
Requests: 7 HTTP requests in this frame

Frame: https://www.sandbox.paypal.com/smart/buttons?style.label=paypal&style.layout=vertical&style.color=silver&style.shape=rect&style.tagline=false&style.menuPlacement=below&allowBillingPayments=true&applePaySupport=false&buttonSessionID=uid_9b1f9d5075_mtq6mdm6mdm&buttonSize=huge&customerId=&clientID=AfAoDJ3gJsyBPPb42vTOefqtMxn3Lc76Aa6al7pupHfo90HcFXB_WkUPH2WV7d-22jS5aKO_qTgG87Cr&clientMetadataID=uid_bb32888d4e_mtq6mdm6mdm&commit=true&components.0=buttons&currency=EUR&debug=false&disableSetCookie=true&env=sandbox&experiment.enableVenmo=false&experiment.venmoVaultWithoutPurchase=false&experiment.venmoWebEnabled=false&flow=purchase&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOmZhbHNlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwibWFlc3RybyI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGluZXJzIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJjdXAiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOnRydWV9LCJpZGVhbCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJiYW5jb250YWN0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImdpcm9wYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwiZXBzIjp7ImVsaWdpYmxlIjpmYWxzZX0sInNvZm9ydCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJteWJhbmsiOnsiZWxpZ2libGUiOmZhbHNlfSwicDI0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6dHJ1ZX0sIm94eG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfSwic2F0aXNwYXkiOnsiZWxpZ2libGUiOnRydWV9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&intent=capture&locale.country=US&locale.lang=en&hasShippingCallback=false&platform=desktop&renderedButtons.0=paypal&renderedButtons.1=sepa&renderedButtons.2=card&sessionID=uid_bb32888d4e_mtq6mdm6mdm&sdkCorrelationID=f673176c97d2d&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWZBb0RKM2dKc3lCUFBiNDJ2VE9lZnF0TXhuM0xjNzZBYTZhbDdwdXBIZm85MEhjRlhCX1drVVBIMldWN2QtMjJqUzVhS09fcVRnRzg3Q3ImY3VycmVuY3k9RVVSIiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfdWFyZnFrcmRqcnJqZHJpaXNlamxqZnJkY2NscHpmIn19&sdkVersion=5.0.457&storageID=uid_a0ad2d5b0c_mtq6mdm6mdm&supportedNativeBrowser=false&supportsPopups=true&vault=false
Frame ID: 4CDA7113F107653CF67504F9033A488C
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/js-sdk-logos/2.2.7/paypal-blue.svg
Frame ID: 390FC6F47E5704316B14BD87B3953573
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Laravel

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Page Statistics

11
Requests

91 %
HTTPS

29 %
IPv6

5
Domains

6
Subdomains

8
IPs

2
Countries

419 kB
Transfer

1094 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://unpkg.com/tailwindcss-jit-cdn HTTP 302
  • https://unpkg.com/tailwindcss-jit-cdn@1.3.0 HTTP 302
  • https://unpkg.com/tailwindcss-jit-cdn@1.3.0/dist/tailwindcss-jit-cdn.umd.min.js

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
paypal.helden.dev/ 		14 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://paypal.helden.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
140.82.38.210 Frankfurt am Main, Germany, ASN20473 (AS-CHOOPA, US),
Reverse DNS
140.82.38.210.vultrusercontent.com
Software
nginx-rc /
Resource Hash
c05422978c3fc51a09ef735829c40d816937bd06b44272e46cbf729859f1a0d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control
private, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 01 Sep 2024 14:03:02 GMT
expires
-1
pragma
no-cache
server
nginx-rc
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
css
fonts.bunny.net/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.bunny.net/css?family=figtree:400,600&display=swap
Requested by
Host: paypal.helden.dev
URL: https://paypal.helden.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1081 /
Resource Hash
0854286c6eb60edb6be3b8e4f1b9dd1d3bc691526f8c8e12ec78c9df39ac6b14

Request headers

Referer
https://paypal.helden.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 01 Sep 2024 14:03:02 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-cachedat
08/03/2024 14:27:13
cdn-pullzone
781720
last-modified
Sat, 03 Aug 2024 14:27:13 GMT
server
BunnyCDN-DE1-1081
cdn-proxyver
1.04
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
8d8df677fb047f678a91efea8d37a5d7
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
tailwindcss-jit-cdn.umd.min.js
unpkg.com/tailwindcss-jit-cdn@1.3.0/dist/
Redirect Chain
  • https://unpkg.com/tailwindcss-jit-cdn
  • https://unpkg.com/tailwindcss-jit-cdn@1.3.0
  • https://unpkg.com/tailwindcss-jit-cdn@1.3.0/dist/tailwindcss-jit-cdn.umd.min.js
760 KB
324 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/tailwindcss-jit-cdn@1.3.0/dist/tailwindcss-jit-cdn.umd.min.js
Requested by
Host: paypal.helden.dev
URL: https://paypal.helden.dev/
Protocol
H2
Server
2606:4700::6811:f6cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01e01777daea74fe259ad4ce809edf9759b8b2e71232971f3b83f059413f0c99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://paypal.helden.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 01 Sep 2024 14:03:02 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
14851072
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HRWB7WQQJDYVVY9HBP3F5J5G-fra
server
cloudflare
etag
"bdf54-R+GO0nsBQrgGfMejCVCtNEFQ8qk"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
8bc5cd2b9fbe1e4a-FRA

Redirect headers

date
Sun, 01 Sep 2024 14:03:02 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
fly-request-id
01HRWB7WG8PSE8KJJQYG1BEB5X-fra
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
14851081
server
cloudflare
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/tailwindcss-jit-cdn@1.3.0/dist/tailwindcss-jit-cdn.umd.min.js
cache-control
public, max-age=31536000
cf-ray
8bc5cd2b5f511e4a-FRA
js
www.paypal.com/sdk/ 		305 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/sdk/js?client-id=AfAoDJ3gJsyBPPb42vTOefqtMxn3Lc76Aa6al7pupHfo90HcFXB_WkUPH2WV7d-22jS5aKO_qTgG87Cr&currency=EUR
Requested by
Host: paypal.helden.dev
URL: https://paypal.helden.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fbd9a782a5f2e32522bdc3c85f61b8f6fa227164917fc105d898e711c3f8519a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-R8xTfL11txS25D2WOUvvUTfkIo98QVTV8FZz2X7wf+S22mey' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-R8xTfL11txS25D2WOUvvUTfkIo98QVTV8FZz2X7wf+S22mey' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypal.helden.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-R8xTfL11txS25D2WOUvvUTfkIo98QVTV8FZz2X7wf+S22mey' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-R8xTfL11txS25D2WOUvvUTfkIo98QVTV8FZz2X7wf+S22mey' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish
date
Sun, 01 Sep 2024 14:03:03 GMT
age
0
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
true
paypal-debug-id
f3208962b2cd8
server-timing
"traceparent;desc="00-0000000000000000000f3208962b2cd8-96d364a02d15ba57-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
84225
x-xss-protection
1; mode=block
x-served-by
cache-fra-etou8220140-FRA, cache-fra-etou8220140-FRA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f3208962b2cd8-a230b80593e0f25b-01
x-timer
S1725199382.225588,VS0,VE887
etag
W/"14901-nhbdFNEt5Zdj4b+6VcVJGH7sCo4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0
truncated
/ 		185 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
92c2683be6b442107242edb6de07ac4c349abdbee834ef7c46af6ec7d46c2eb8

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
buttons
www.sandbox.paypal.com/smart/ Frame 4CDA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/smart/buttons?style.label=paypal&style.layout=vertical&style.color=silver&style.shape=rect&style.tagline=false&style.menuPlacement=below&allowBillingPayments=true&applePaySupport=false&buttonSessionID=uid_9b1f9d5075_mtq6mdm6mdm&buttonSize=huge&customerId=&clientID=AfAoDJ3gJsyBPPb42vTOefqtMxn3Lc76Aa6al7pupHfo90HcFXB_WkUPH2WV7d-22jS5aKO_qTgG87Cr&clientMetadataID=uid_bb32888d4e_mtq6mdm6mdm&commit=true&components.0=buttons&currency=EUR&debug=false&disableSetCookie=true&env=sandbox&experiment.enableVenmo=false&experiment.venmoVaultWithoutPurchase=false&experiment.venmoWebEnabled=false&flow=purchase&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOmZhbHNlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwibWFlc3RybyI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGluZXJzIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJjdXAiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOnRydWV9LCJpZGVhbCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJiYW5jb250YWN0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImdpcm9wYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwiZXBzIjp7ImVsaWdpYmxlIjpmYWxzZX0sInNvZm9ydCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJteWJhbmsiOnsiZWxpZ2libGUiOmZhbHNlfSwicDI0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6dHJ1ZX0sIm94eG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfSwic2F0aXNwYXkiOnsiZWxpZ2libGUiOnRydWV9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&intent=capture&locale.country=US&locale.lang=en&hasShippingCallback=false&platform=desktop&renderedButtons.0=paypal&renderedButtons.1=sepa&renderedButtons.2=card&sessionID=uid_bb32888d4e_mtq6mdm6mdm&sdkCorrelationID=f673176c97d2d&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWZBb0RKM2dKc3lCUFBiNDJ2VE9lZnF0TXhuM0xjNzZBYTZhbDdwdXBIZm85MEhjRlhCX1drVVBIMldWN2QtMjJqUzVhS09fcVRnRzg3Q3ImY3VycmVuY3k9RVVSIiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfdWFyZnFrcmRqcnJqZHJpaXNlamxqZnJkY2NscHpmIn19&sdkVersion=5.0.457&storageID=uid_a0ad2d5b0c_mtq6mdm6mdm&supportedNativeBrowser=false&supportsPopups=true&vault=false
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AfAoDJ3gJsyBPPb42vTOefqtMxn3Lc76Aa6al7pupHfo90HcFXB_WkUPH2WV7d-22jS5aKO_qTgG87Cr&currency=EUR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.venmo.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypal.helden.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-disposition
inline
content-encoding
gzip
content-security-policy
form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.venmo.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Sun, 01 Sep 2024 14:03:04 GMT
etag
W/"7a56a-xHxiNUYoGApb98dKb+/mxhppG7I"
http_x_pp_az_locator
ccg18.slc
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
p3p
true
paypal-debug-id
f8315289a611c
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc=gzip
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f8315289a611c-440df86f64758ba5-01
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-csrf-jwt
__blank__
x-served-by
cache-fra-etou8220113-FRA, cache-fra-etou8220113-FRA
x-sigsci-origin-status
200
x-timer
S1725199384.072065,VS0,VE429
x-xss-protection
1; mode=block
paypal-blue.svg
www.paypalobjects.com/js-sdk-logos/2.2.7/ Frame 390F 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/js-sdk-logos/2.2.7/paypal-blue.svg
Requested by
Host: paypal.helden.dev
URL: https://paypal.helden.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CBA) /
Resource Hash
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 01 Sep 2024 14:03:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
e0953c7feefe8
dc
ccg11-origin-www-1.paypal.com
content-length
1207
last-modified
Tue, 04 Apr 2023 21:46:19 GMT
server
ECAcc (frc/4CBA)
traceparent
00-0000000000000000000e0953c7feefe8-86f3c87ec4d932d9-01
etag
W/"642c9aab-cc2"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Sun, 01 Sep 2024 15:03:04 GMT
sepa-default.svg
www.paypalobjects.com/js-sdk-logos/2.2.7/ Frame 390F 		9 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/js-sdk-logos/2.2.7/sepa-default.svg
Requested by
Host: paypal.helden.dev
URL: https://paypal.helden.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CCC) /
Resource Hash
e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 01 Sep 2024 14:03:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
478c2d4abfe01
dc
ccg11-origin-www-1.paypal.com
content-length
3269
last-modified
Tue, 04 Apr 2023 21:46:19 GMT
server
ECAcc (frc/4CCC)
traceparent
00-0000000000000000000478c2d4abfe01-313ccdf5bc63f5ea-01
etag
W/"642c9aab-2204"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Sun, 01 Sep 2024 15:03:04 GMT
card-white.svg
www.paypalobjects.com/js-sdk-logos/2.2.7/ Frame 390F 		1 KB
760 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/js-sdk-logos/2.2.7/card-white.svg
Requested by
Host: paypal.helden.dev
URL: https://paypal.helden.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CA3) /
Resource Hash
1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 01 Sep 2024 14:03:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
9919b84483bcb
dc
ccg11-origin-www-1.paypal.com
content-length
637
last-modified
Tue, 04 Apr 2023 21:46:19 GMT
server
ECAcc (frc/4CA3)
traceparent
00-00000000000000000009919b84483bcb-5c96c007225a90ba-01
etag
W/"642c9aab-54e"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Sun, 01 Sep 2024 15:03:04 GMT
favicon.ico
paypal.helden.dev/ 		0
184 B 		Other
General
Check archive.org
Download Go to
Full URL
https://paypal.helden.dev/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
140.82.38.210 Frankfurt am Main, Germany, ASN20473 (AS-CHOOPA, US),
Reverse DNS
140.82.38.210.vultrusercontent.com
Software
nginx-rc /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paypal.helden.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 01 Sep 2024 14:03:04 GMT
x-content-type-options
nosniff
last-modified
Fri, 31 Mar 2023 21:06:23 GMT
server
nginx-rc
etag
"64274b4f-0"
x-frame-options
SAMEORIGIN
content-type
image/x-icon
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
logger
www.sandbox.paypal.com/xoplatform/logger/api/ 		960 B
829 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AfAoDJ3gJsyBPPb42vTOefqtMxn3Lc76Aa6al7pupHfo90HcFXB_WkUPH2WV7d-22jS5aKO_qTgG87Cr&currency=EUR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4b52f8a5f24ff9d87575404d081a19df289e0b64d621e69471071031238a63a8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://paypal.helden.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Sun, 01 Sep 2024 14:03:05 GMT
via
1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-sigsci-origin-status
200
x-cache
MISS, MISS
paypal-debug-id
f264148dd4e92
http_x_pp_az_locator
ccg18.slc
x-served-by
cache-fra-etou8220123-FRA, cache-fra-etou8220123-FRA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f264148dd4e92-73987a9223bb6cbb-01
x-timer
S1725199385.122572,VS0,VE184
etag
W/"3c0-Hx9tApF8GHLIMIswszKTyTrRCio"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://paypal.helden.dev
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
none
x-cache-hits
0, 0
logger
www.sandbox.paypal.com/xoplatform/logger/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://paypal.helden.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
none
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://paypal.helden.dev
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
br
date
Sun, 01 Sep 2024 14:03:05 GMT
http_x_pp_az_locator
ccg18.slc
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f2641485d2576
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f2641485d2576-3fc753f91cec5a77-01
vary
accept-encoding
via
1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-served-by
cache-fra-etou8220137-FRA, cache-fra-etou8220123-FRA
x-sigsci-origin-status
200
x-timer
S1725199385.921846,VS0,VE174

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| regeneratorRuntime function| _ object| tailwindCSS object| tailwindcss-jit-cdn string| /htmlInput object| __post_robot_11_0_0___uid_uarfqkrdjrrjdriisejljfrdcclpzf object| paypal object| __zoid_10_3_3___uid_uarfqkrdjrrjdriisejljfrdcclpzf string| firstname string| lastname string| streetaddress string| city string| postalcode string| country string| amount

2 Cookies

Domain/Path Name / Value
paypal.helden.dev/ Name: XSRF-TOKEN
Value: eyJpdiI6IlBTaHI3UjZ2MHNyU1hNaVNSSlBwVUE9PSIsInZhbHVlIjoiclNSREZKWWp1N1JuTkpqSzdQY3FlMHFoTVk2RXAxcmZVU1N3WU4vS0hUUW9XdnBPREt0eElaSjZUbmtNOHJydjRDUzZUNGhmVUZVQXJ5S0h1YlJwMGhBUXd1QlgyT2pzLzlpYzhYNDhzclp0MmF0Y0UzZElZd2o0VlpTakFQUlIiLCJtYWMiOiI3MTg4MTNhZGFkMmU5MjIyOGI4NGUwNTJmODhhYmEwNzczNTEyZDA0MTBlMzI4MjBlMTEwMzY4M2FkMjE1YzkwIiwidGFnIjoiIn0%3D
paypal.helden.dev/ Name: laravel_session
Value: eyJpdiI6ImEwS1NxeWk5VEt1OG9STE55VUJwVWc9PSIsInZhbHVlIjoiRFVhR2VhYWdpWWp4dUh3L1d0dzhQMmcxWDVDQ3d5TmZMOHJCTEtuUE5TMjBwTi9jbXZ4cjUwOXFqZGVRYklZMVhKUFA4cDRPdlhqTklneHdtZnRVUmt0UThxVGFsNlhnRUlLRE1NTC95MVFDWFpMQjdtZW5BeWJNbVhhL1U2cmsiLCJtYWMiOiIwNTAxMWY2YTI5Yzc2MTM2Yjc3YTA2MTkwM2EzZDNiZjc0ZDI2NDRlYmI4NWIxNmVmOTQwOTRiZGY2MmIyZjA4IiwidGFnIjoiIn0%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block