urlscan.io logo urlscan.io
SecurityTrails logo

app.espresa.com Open in urlscan Pro
52.34.136.107  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.espresa.com/
Effective URL: https://app.espresa.com/portal/
Submission: On January 19 via api from NL — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 3 countries across 15 domains to perform 103 HTTP transactions. The main IP is 52.34.136.107, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is app.espresa.com. The Cisco Umbrella rank of the primary domain is 554764.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 22nd 2023. Valid for: a year.
This is the only time app.espresa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    34.214.17.226 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-214-17-226.us-west-2.compute.amazonaws.com
app.espresa.com
5    52.34.136.107 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-34-136-107.us-west-2.compute.amazonaws.com
app.espresa.com
73    18.66.248.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-39.dus51.r.cloudfront.net
cdn.prod.espresa.com
1    18.173.225.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-225-115.dus51.r.cloudfront.net
www.datadoghq-browser-agent.com
2    2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    162.159.128.61 (None, )

ASN13335 (CLOUDFLARENET, US)
player.vimeo.com
2    2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
3    151.101.128.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
1    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
translate.google.com
1    151.101.193.81 (United States)

ASN54113 (FASTLY, US)
widgets-sandbox.marqeta.com
1    18.66.248.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-56.dus51.r.cloudfront.net
cdn.plaid.com
1    18.66.248.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-61.dus51.r.cloudfront.net
static.hotjar.com
1    18.173.233.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-233-79.dus51.r.cloudfront.net
script.hotjar.com
1    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
translate.googleapis.com
1    18.66.112.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-79.fra56.r.cloudfront.net
vc.hotjar.io
3    2600:1f18:24e6:b901:fa01:7221:3063:f681 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
rum.browser-intake-datadoghq.com
3    54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com
q.stripe.com
2    2600:9000:224a:5c00:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)
m.stripe.network
1    34.211.160.129 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-211-160-129.us-west-2.compute.amazonaws.com
m.stripe.com
Apex Domain
Subdomains		 Transfer
79 espresa.com
app.espresa.com — Cisco Umbrella Rank: 554764
cdn.prod.espresa.com — Cisco Umbrella Rank: 644856
2 MB
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1227
q.stripe.com — Cisco Umbrella Rank: 7010
m.stripe.com — Cisco Umbrella Rank: 1188
166 KB
3 browser-intake-datadoghq.com
rum.browser-intake-datadoghq.com — Cisco Umbrella Rank: 1960
1 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1315
18 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 681
script.hotjar.com — Cisco Umbrella Rank: 996
60 KB
2 youtube.com
www.youtube.com — Cisco Umbrella Rank: 75
69 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4957
22 KB
1 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 2633
258 B
1 googleapis.com
translate.googleapis.com — Cisco Umbrella Rank: 800
72 KB
1 gstatic.com
www.gstatic.com
5 KB
1 plaid.com
cdn.plaid.com — Cisco Umbrella Rank: 14348
43 KB
1 marqeta.com
widgets-sandbox.marqeta.com — Cisco Umbrella Rank: 720088
14 KB
1 google.com
translate.google.com — Cisco Umbrella Rank: 1164
31 KB
1 vimeo.com
player.vimeo.com — Cisco Umbrella Rank: 1876
12 KB
1 datadoghq-browser-agent.com
www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1454
48 KB
103 15
Domain Requested by
73 cdn.prod.espresa.com app.espresa.com
cdn.prod.espresa.com
www.datadoghq-browser-agent.com
6 app.espresa.com 2 redirects cdn.prod.espresa.com
www.datadoghq-browser-agent.com
3 q.stripe.com app.espresa.com
3 rum.browser-intake-datadoghq.com www.datadoghq-browser-agent.com
3 js.stripe.com app.espresa.com
js.stripe.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 www.youtube.com app.espresa.com
www.youtube.com
2 browser.sentry-cdn.com app.espresa.com
1 m.stripe.com m.stripe.network
1 vc.hotjar.io script.hotjar.com
1 translate.googleapis.com
1 www.gstatic.com
1 script.hotjar.com static.hotjar.com
1 static.hotjar.com app.espresa.com
1 cdn.plaid.com app.espresa.com
1 widgets-sandbox.marqeta.com app.espresa.com
1 translate.google.com app.espresa.com
1 player.vimeo.com app.espresa.com
1 www.datadoghq-browser-agent.com app.espresa.com
103 19

This site contains links to these domains. Also see Links.

Domain
itunes.apple.com
play.google.com
www.espresa.com
Subject Issuer Validity Valid
*.espresa.com
Amazon RSA 2048 M03		 2023-12-22 -
2025-01-19		 a year crt.sh
espresa.com
Amazon RSA 2048 M03		 2023-11-18 -
2024-12-16		 a year crt.sh
*.datadoghq-browser-agent.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-12-12 -
2024-12-14		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-08-01 -
2024-09-01		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-03-01 -
2024-02-29		 a year crt.sh
*.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-01-02 -
2024-04-04		 3 months crt.sh
widgets-sandbox.marqeta.com
R3		 2023-12-10 -
2024-03-09		 3 months crt.sh
secure.plaid.com
DigiCert EV RSA CA G2		 2023-03-09 -
2024-04-08		 a year crt.sh
*.hotjar.com
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
*.hotjar.io
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
*.browser-intake-datadoghq.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-06-17 -
2024-06-18		 a year crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-12-20 -
2024-03-21		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-22 -
2024-03-21		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://app.espresa.com/portal/
Frame ID: E2C1DD25DB5B2B93B07E4DA30A276142
Requests: 94 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 323B8F74D35BDFCA979F881122637901
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: A8AC08E49AC346677B90C4AD39773E21
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Espresa

Page URL History Show full URLs

  1. http://app.espresa.com/ HTTP 301
    https://app.espresa.com/ HTTP 302
    https://app.espresa.com/portal/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • highcharts.*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+(?:-?rc[.\d]*)*)/angular(?:\.min)?\.js
  • \bangular.{0,32}\.js
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • lodash.*\.js
Overall confidence: 100%
Detected patterns
  • moment(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?slick-theme\.css
  • (?:/([\d.]+))?/slick(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • underscore.*\.js(?:\?ver=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

103
Requests

100 %
HTTPS

35 %
IPv6

15
Domains

19
Subdomains

19
IPs

3
Countries

2384 kB
Transfer

9697 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.espresa.com/ HTTP 301
    https://app.espresa.com/ HTTP 302
    https://app.espresa.com/portal/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

103 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
app.espresa.com/portal/
Redirect Chain
  • http://app.espresa.com/
  • https://app.espresa.com/
  • https://app.espresa.com/portal/
19 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.34.136.107 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-136-107.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
7fa240fc9071498bf4a0d15f5e312adf6929001628936804d6e66b54ead22bc3
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com 'nonce-LkH5ehXMDf57hP+YDzOpnA=='; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; base-uri 'none'; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; frame-ancestors http: https: ftp: ftps:; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate, private
content-encoding
gzip
content-language
nl
content-length
4221
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com 'nonce-LkH5ehXMDf57hP+YDzOpnA=='; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; base-uri 'none'; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; frame-ancestors http: https: ftp: ftps:; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
date
Fri, 19 Jan 2024 04:14:12 GMT
expires
Fri, 19 Jan 2024 04:14:12 GMT
index-hash
25fefa1ef7ed26a7bd85a707541dc07d
referrer-policy
same-origin
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Language, Cookie, origin, Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY

Redirect headers

cache-control
max-age=0, no-cache, no-store, must-revalidate, private
content-language
nl
content-length
0
content-security-policy
base-uri 'none'; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com; frame-ancestors http: https: ftp: ftps:; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
date
Fri, 19 Jan 2024 04:14:12 GMT
expires
Fri, 19 Jan 2024 04:14:12 GMT
index-hash
25fefa1ef7ed26a7bd85a707541dc07d
location
https://app.espresa.com/portal/#/login
referrer-policy
same-origin
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Language, origin, Cookie
x-content-type-options
nosniff
x-frame-options
DENY
fix-blinking.min.css
cdn.prod.espresa.com/static/app/ 		128 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/fix-blinking.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cbcfa062bb4ebadff034e84427512a1452e4a5303fccdd67abe84d402511b4c0
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 13:40:21 GMT
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
52464
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
128
last-modified
Wed, 17 Jan 2024 11:35:10 GMT
server
AmazonS3
etag
"e4e9f9754a1d4a8c2ec2a9cf65730ba5"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
0thfw3Cpj081tVznR3OP1cftd5a_nHdQ7TVFbsxOteT939YlFqhpCw==
fonts.min.css
cdn.prod.espresa.com/static/app/assets/fonts/ 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/assets/fonts/fonts.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
99a1f89d54f46e1897a07f69de9140bd6ea8146b665fa26052da6075626b061d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:55 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:37:02 GMT
server
AmazonS3
etag
W/"ca05b06859eb183ec0e42f19d194cb64"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
35izq1KXavK37QWbD8-Hw6L1WQ_eB5g01KrLAyp6860xHgl4WDQ-Qg==
bootstrap.min.css
cdn.prod.espresa.com/static/bower_components/bootstrap/dist/css/ 		119 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/bootstrap/dist/css/bootstrap.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dc6ffe00ea357a0f8ce9d0104243cd52ed4a09e4c4594d27dbe5b44c3af92c4d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:55 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:44 GMT
server
AmazonS3
etag
W/"e4144b27ffe4358234ea86d48c68b3af"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
oy9GO7kHS2SA4lBp-DcWORTW0SYSSq-KHFVRfH7SB9FGGWpgYA7zsQ==
jquery-ui.min.css
cdn.prod.espresa.com/static/bower_components/jquery-ui/ 		31 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/jquery-ui/jquery-ui.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
29bb97518fad77c095e12b38fab4e2d7feaa2f5a4898385a0439dbbef21fbf52
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:55 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:27 GMT
server
AmazonS3
etag
W/"fc0c010ba36c153bfb2af9c6e6d10148"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
K_3fQkVHGfI6xTllLX_L9Zhu9Ka6Kkr1BHFoFtodi-0sjvBoI5tovA==
jquery-ui.structure.min.css
cdn.prod.espresa.com/static/bower_components/jquery-ui/ 		15 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/jquery-ui/jquery-ui.structure.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
29f4fbefad4b5ec62b509f075a7fe116e9c6471d331c110b9d17c0ad5ec80436
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:55 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:28 GMT
server
AmazonS3
etag
W/"5a1d741302fc59c8b298057a5c797bb5"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
XJGxwWXkeElkbI9J-UiN1XEJYqJ5DYpJkH-r_tK70utOcCsWUrZ6yA==
jquery-ui.theme.min.css
cdn.prod.espresa.com/static/bower_components/jquery-ui/ 		14 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/jquery-ui/jquery-ui.theme.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8a3498b987a36d13115fc555204f13000a6872b74c84dadcf6d0888f34b36bd
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:55 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:28 GMT
server
AmazonS3
etag
W/"f66ec9224db9243a19b18a252c15cbdd"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
LMSZNy7CYBJkbLV9Nn16E88oXX963B0r9rSNVKQjLbtX645oVvrJsA==
quill.snow.css
cdn.prod.espresa.com/static/bower_components/quill/dist/ 		65 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/quill/dist/quill.snow.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4ec3b0c61c05f634d980caa7b68751a65bf6fcaa03ffe807014782b701a97022
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:55 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:07 GMT
server
AmazonS3
etag
W/"b9efd621fd171fb9c056378a7670a5ee"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
LeLkhECOszBQLreFw_mvwJtaceXdjC3n3C59LvMyi-AkaitakBaF2A==
datadog-rum.js
www.datadoghq-browser-agent.com/us1/v4/ 		150 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.225.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-225-115.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:13:35 GMT
content-encoding
br
via
1.1 fffeeadd9939f8749b5df669fcf4e936.cloudfront.net (CloudFront)
last-modified
Mon, 09 Oct 2023 09:24:57 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P3
age
38
x-amz-server-side-encryption
AES256
etag
W/"2630b3d7ad4a41fac67742216e506d83"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=14400, s-maxage=60
timing-allow-origin
*
x-amz-cf-id
ETFYwtGcizvdJUV1cvWbG0iGXJuIjGFPZ-W4qw-CnSX1roOPJ2jxvQ==
font-awesome.min.css
cdn.prod.espresa.com/static/bower_components/fontawesome/css/ 		23 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/fontawesome/css/font-awesome.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:55 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56626
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:34 GMT
server
AmazonS3
etag
W/"04425bbdc6243fc6e54bf8984fe50330"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
xP94o5Anxg-3gZx5I8ifA7azMAr52PF1xvfxo1_3gFfkyxfyX0P8bQ==
fullcalendar.min.css
cdn.prod.espresa.com/static/bower_components/fullcalendar/dist/ 		16 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/fullcalendar/dist/fullcalendar.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
93f5c7d2340d52a0817cd821cdf0fb03bd9336f142b6921187df087bd5ef302d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:33:08 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56476
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 12:30:53 GMT
server
AmazonS3
etag
W/"a3f5a337345c6d440d8a6aeac931afdb"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
brgf4Y3Q4QzmxD84me0FPbILfHcyWubSfUFubSlb0dgQRLwckJEuQw==
scheduler.min.css
cdn.prod.espresa.com/static/bower_components/fullcalendar-scheduler/dist/ 		6 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/fullcalendar-scheduler/dist/scheduler.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c44cf84e3ecde30b60aae7f3c71e97daab38da884b88fb1b7cafd9f45a4b854f
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:55 GMT
server
AmazonS3
etag
W/"809e8b96a8c4d22d2bc754836cc27ddb"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
H5wZYfzN3hIjO_hzFTqubcNj-hDZmeokxKfsjS9wML8emR6_-ziSTA==
select.css
cdn.prod.espresa.com/static/bower_components/angular-ui-select/dist/ 		11 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-ui-select/dist/select.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cca95184a5b43a18e52c39192baf2371518daa621ebd1a8b13af75c50de084cc
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:33:51 GMT
server
AmazonS3
etag
W/"83568b770c2f8a20be49edcc8dddfb70"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
40eGN_qBqJQySzxF4JQsjDsXcTkNAlreT0zHBqYSRogKFFZgcUWaxA==
colorpicker.min.css
cdn.prod.espresa.com/static/bower_components/angular-bootstrap-colorpicker/css/ 		16 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-bootstrap-colorpicker/css/colorpicker.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0a3e677a1295c85f2fcd11375c50518aa50875a9f8f490a172d1836e8f8b5a07
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:09 GMT
server
AmazonS3
etag
W/"8d41b847910f316dcedfc6a45ee97cbf"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
D-4XKwurJ8ebGUapplLnd2CrcbVrymDlGlKiDtaMBdnoYKfA6A3raA==
rzslider.css
cdn.prod.espresa.com/static/bower_components/angularjs-slider/dist/ 		15 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angularjs-slider/dist/rzslider.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f53d5fd2b3769b28325693a7dd6804fb5209b9bf843096d6b116dab97d12091d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56625
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:25 GMT
server
AmazonS3
etag
W/"7a5a7c4c3509a49ccbebc21008d8b9a8"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
B2zkIWhf3oJ0lwhLWDI7Vpufpez4tE3e59ba7GTsVlHw_aJ5gKDi1g==
slick.css
cdn.prod.espresa.com/static/bower_components/slick-carousel/slick/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/slick-carousel/slick/slick.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d917660c3d6f7aad32ebc4b0012c6d0bb84a13e201a012e334bcca4b9f4686c9
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:26 GMT
server
AmazonS3
etag
W/"13b1b6672b8cfb0d9ae7f899f1c42875"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
34-dX5cQg38q8R0mknXhCLI6FQQP7SIR_z0ZpHqIPLfj4c_InTm3kQ==
ngCropperjs.all.min.css
cdn.prod.espresa.com/static/bower_components/ng-cropperjs/dist/ 		4 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/ng-cropperjs/dist/ngCropperjs.all.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d12543ca3ea45141d6dddb3bca50f46a0c3edaf58099638d1f726cd3ff277440
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:33:50 GMT
server
AmazonS3
etag
W/"cf4de4f7b141a1ddf9d9c7021527e2de"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
L77epCKnRqCHrqW3LS49tW8cOwcwix5Y7R00v-4QN2ry2xavrESnPw==
index.min.css
cdn.prod.espresa.com/static/app/ 		1 MB
170 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/index.min.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cdbad18a20f9469c18994cc59e4d3808e092691f3f7a67b319581a06aa93a999
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:10 GMT
server
AmazonS3
etag
W/"8fb4a70a416df10ac93d7964324aab33"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
TkKvbg81GMHIPHlwJnCsXDjsuF3ATVp389Scn6KcIKxM3D_NYutu6w==
slick-theme.css
cdn.prod.espresa.com/static/bower_components/slick-carousel/slick/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/slick-carousel/slick/slick-theme.css?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:26 GMT
server
AmazonS3
etag
W/"f9faba678c4d6dcfdde69e5b11b37a2e"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/css
cache-control
max-age=86400
x-amz-cf-id
cSWdUCEzrmiuuJ8eBP7cV1f2RvIoqoChDR7Vjk30pHI9fvdD-oOFvg==
bundle.min.js
browser.sentry-cdn.com/6.19.7/ 		65 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/6.19.7/bundle.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
6ba797956f6d29b650d458897e48a190cddf0a6ba374350c0bb565fa04f80d65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
Origin
https://app.espresa.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:14:12 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 26 Apr 2022 13:11:05 GMT
server
Fastly
age
142651
etag
"4dc87c1e025f84ef0d14fe9187946dfd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
20887
expires
Thu, 16 Jan 2025 12:36:41 GMT
angular.min.js
browser.sentry-cdn.com/6.19.7/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/6.19.7/angular.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
8971fe0a892f03a0f0ba568b545194578eaf62dcafabc254e2677c7af64200c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
Origin
https://app.espresa.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:14:12 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 26 Apr 2022 13:11:05 GMT
server
Fastly
age
142651
etag
"14f18525c8f97317f08d5cc6f80a1953"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
882
expires
Thu, 16 Jan 2025 12:36:41 GMT
jquery.min.js
cdn.prod.espresa.com/static/bower_components/jquery/dist/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/jquery/dist/jquery.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:33:40 GMT
server
AmazonS3
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
xx4IYM1fudFrJDPPPMcu-4YUcoZYvDuqT_IJGhmsXvjGkylgRjJMuA==
angular.min.js
cdn.prod.espresa.com/static/bower_components/angular/ 		173 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular/angular.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
24103af48b9ee0409c9178cd92eba5dc3cdf0c76827b7c265c4f6f681b4dc176
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:47:40 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
55650
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:30 GMT
server
AmazonS3
etag
W/"a8b55518d979465737523088a9007e74"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
MNEht2M7FhHEF8olUkB7It0elYfZP9yTP6KkKteOC88FetIfMCOHdA==
angular-aria.min.js
cdn.prod.espresa.com/static/bower_components/angular-aria/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-aria/angular-aria.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
40ced4e99411a77f3b98712e1b340a28ba33160eca965a8453eb07984220a02d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:30 GMT
server
AmazonS3
etag
W/"727773d099e3e73ffb4efe2deb1015e7"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
FSdzclLgg21MHLG93wCJko3qan-ppeJp6t5y1au-uV_2H8tYz1-oAQ==
angular-animate.min.js
cdn.prod.espresa.com/static/bower_components/angular-animate/ 		26 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-animate/angular-animate.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
91dd61cff58efd54434d6bbea42fe6c0eed1af42968e9c592fb516736395c22a
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:56 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56626
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:43 GMT
server
AmazonS3
etag
W/"cbdb8547d6c9db7f423e2349d23e003c"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
reczxoxae-l3WoeqHyxag8c73OBwVRbaujeUqeO06nrtS1urk9IySQ==
angular-cookies.min.js
cdn.prod.espresa.com/static/bower_components/angular-cookies/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-cookies/angular-cookies.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
14dd592e11b348118b490883a60bdaccb4b049c9a8e9f1b79f933d61e3cafd75
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:30 GMT
server
AmazonS3
etag
W/"6778e66773d44a1f9fab3c9d13ad539b"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
HrEjt6U1itSsCbdmhOeHuPzWJWpzyPiT5YHihUQwJtV8-duioLM-3Q==
angular-touch.min.js
cdn.prod.espresa.com/static/bower_components/angular-touch/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-touch/angular-touch.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e4bd11692e04ce20e8db6d96249a94dc2ccf02c49c3d8409c44396d641e52a72
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:33:50 GMT
server
AmazonS3
etag
W/"f60388ccd11b0128ee8ee808c9701542"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
OKJwPZ8yW7eNTKEXzXu5oavOlCA7-YR23yrqQMvQmNs0PLxHrrIAPg==
angular-sanitize.min.js
cdn.prod.espresa.com/static/bower_components/angular-sanitize/ 		6 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-sanitize/angular-sanitize.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3e8d479b61e09797aa910a2de2d84cb0bdd8d1e26acd061ec713082ddd57839a
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:27 GMT
server
AmazonS3
etag
W/"274dd426608803df7b40b19238c19397"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
hgjcTtBQBNZxKT0nBFvsS16j0qpaO2stPz05AUwKSgTLW98_F82jBg==
jquery-ui.min.js
cdn.prod.espresa.com/static/bower_components/jquery-ui/ 		249 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/jquery-ui/jquery-ui.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f913921ac2e4d43fcb79e8f87d3c69df3a8c3c9a5ded30d8610b4f3ca6063d3a
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:28 GMT
server
AmazonS3
etag
W/"5148d8a88a6071cafc2a2b7e4a4c592c"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
WmHoGPLuLcPXcgNhSeQlJmTu532a-lcPzX13pJtXEw00n5cl_Pb_Pw==
angular-route.min.js
cdn.prod.espresa.com/static/bower_components/angular-route/ 		6 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-route/angular-route.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c34f2aef7baa04ca110899ca685207323346266b7740deaa1f077aafb75ee4cb
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:24 GMT
server
AmazonS3
etag
W/"83f4d107c6992678c6f86f91452f4ded"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
2IPwUuCvXFSUVZyOv4CRIER029NugJ0mFbVNKcehiwGq3018Ws-UVQ==
ui-bootstrap-tpls.min.js
cdn.prod.espresa.com/static/bower_components/angular-bootstrap/ 		123 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b727d65b62ed250348fa5dc5d21eb10d5fe28fa31f9fc97048a1d63ac9848173
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:09 GMT
server
AmazonS3
etag
W/"c572f42d057f681abb138e2c2c966157"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
DFdvC4K3JIEExgB_TEt9HHfP8z7P0i6fiS4roMDE6wmEzTf6RDQb-Q==
lodash.min.js
cdn.prod.espresa.com/static/bower_components/lodash/ 		49 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/lodash/lodash.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bf63c4491140de87027557a7c15c741f65c83d98274347b105a06a20e05ce78d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:29 GMT
server
AmazonS3
etag
W/"7629cac4f079926ef505e2271bb5135f"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
PF7cayLMb9APyiPJ4POJg1fwoit7jPMgblt1o0tbEBUaTD67LNc_fg==
angular-ui-router.min.js
cdn.prod.espresa.com/static/bower_components/angular-ui-router/release/ 		33 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-ui-router/release/angular-ui-router.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
396c4ad3d6c4a78e47b29a1d8e526bc83a72b61ead1b14b297752af2e8ab1005
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56625
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:23 GMT
server
AmazonS3
etag
W/"1f33a4658268b2e87515fe680a0f966d"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
ZQPZvE82AV9Fb1TxpewHq1vWzmiojrV2M4BIUvuz2cTzUD2UKwrAbA==
underscore-min.js
cdn.prod.espresa.com/static/bower_components/underscore/ 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/underscore/underscore-min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
22b404d34700979e4c9746c855a72f38d926d317ca16336e1e24614664a6ff2e
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:30 GMT
server
AmazonS3
etag
W/"b87f566fe06d9943ad7fe234667a8154"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
T6mTO-d4b0kNMmRjwJB3OEwHVT6oSnuzOUHLs81mBSaNg1NxDUgszg==
moment.js
cdn.prod.espresa.com/static/bower_components/moment/ 		172 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/moment/moment.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7dc0a51c32dae143f2eade235145dfd6a7756388c0f0bf409fa373dd6c233629
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:56 GMT
server
AmazonS3
etag
W/"57246fb66210c7189fe95ca299666959"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
JWVH4yHTuSQMYr-jMhpryNd7iS1EcJIAy3oHTJN844eLdPt4RvFa3Q==
fullcalendar.js
cdn.prod.espresa.com/static/bower_components/fullcalendar/dist/ 		620 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/fullcalendar/dist/fullcalendar.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7049fe681fcb9ab0b698cb386df97d09c06604016d36f6ee0888abe9aa566cdb
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:48 GMT
server
AmazonS3
etag
W/"1bf191607589a43f8ca12e8ff615ed04"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
Zv8tJ11lh_EyrV7aalXj8_laxiFDSkUpYl5B9R2ob6gUymxOjpp4yw==
scheduler.min.js
cdn.prod.espresa.com/static/bower_components/fullcalendar-scheduler/dist/ 		101 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/fullcalendar-scheduler/dist/scheduler.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b50388552d0e7e936b83cf21a2633f39215e57cb044e5c5f4e8028059bcecb2d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:55 GMT
server
AmazonS3
etag
W/"bcbd413a27017dd43e8463ffc602263f"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
L20twoMub33s5An4KB5NnMt-kzTLHmGdElSwyzLjYzdUoBMQ6gkSQg==
angular-file-upload.min.js
cdn.prod.espresa.com/static/bower_components/angular-file-upload/dist/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-file-upload/dist/angular-file-upload.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ab63704a79519f09815b1693aa7bc0221234d9049cb40f5ab110fd3221caec49
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:47 GMT
server
AmazonS3
etag
W/"92a11cd0f52f3b4f2e0cef27d68fa70e"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
6CCKu9twFDIa0pEEEtudzwFqRKhbGM2k3z9e5DUf5uG-ld1YpJE4Yg==
angular-google-maps.min.js
cdn.prod.espresa.com/static/bower_components/angular-google-maps/dist/ 		200 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-google-maps/dist/angular-google-maps.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9565c2844335c6d78993d7d037fd6a93b722ca0bfe0b1094e32e2f792238c29f
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:08 GMT
server
AmazonS3
etag
W/"6d10187ec1e7ee27c44c0fc4ab8ca49d"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
2mBZQ_4WofaGPc0QKGR5LthQEJ_7JAHMS8miBnAg_q2TGryzkUU0mw==
select.min.js
cdn.prod.espresa.com/static/bower_components/angular-ui-select/dist/ 		47 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-ui-select/dist/select.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2c2213b64fbf14d006d891972ff12062a72aea19d4d303d646555c626394bf16
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:33:51 GMT
server
AmazonS3
etag
W/"12cb6671c8fd1e863011db3e10797858"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
E2wXyoTMOZxgGmZ2iZljqqK6v1PqVxtEkPyuXs9xT6AFk5YjD1VMSw==
sortable.min.js
cdn.prod.espresa.com/static/bower_components/angular-ui-sortable/ 		5 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-ui-sortable/sortable.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
88973ad5cefa421a85874182a1c273f8bdcdf6ab17a78e5894e72c6f5231ce55
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:46 GMT
server
AmazonS3
etag
W/"59cb3f206bb68eea08d69cea9ea559b0"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
rIHFVPx58IPRToij7xUB4GkuPzlJyL-Z8TZfxMB4A9YxDEnarYMl-Q==
ng-websocket.js
cdn.prod.espresa.com/static/bower_components/ng-websocket/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/ng-websocket/ng-websocket.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c3efdbe3b5dc306b14ed939f54b6a286c5e851bfeb3a14c4aa54b788b5dda4d6
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:22 GMT
server
AmazonS3
etag
W/"da2666949eb4a13e1f37ddabba051a20"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
FKyjg9NHcRXmdPt8vad4W4f26zA-6pfoIsuW9B8P1Ezc9MfW6ybiVQ==
highcharts.js
cdn.prod.espresa.com/static/bower_components/highcharts/ 		202 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/highcharts/highcharts.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1d43fc95f84364c007fa49c61fcac91b8c269e477e336a998a4246bff00eda1f
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:33:53 GMT
server
AmazonS3
etag
W/"7823a3aa84a3c4b85c421f53399a863b"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
kRTtCtrP-Ef768R-uG9TabJQR_OyH9kp0gfnfNj7jZ_AN9KJsrWVxw==
quill.js
cdn.prod.espresa.com/static/bower_components/quill/dist/ 		331 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/quill/dist/quill.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9eef3861f5cedfb286eb1e52ded1f813bacf11082ddcfc23e7c896164b08039
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:08 GMT
server
AmazonS3
etag
W/"701d13d12a7fc7a2c68543db44c28a06"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
eoCEeXx1qjHeeUTsyqzucIJff3zDrmNj7dcPJoVHsXq_BA89iEP8Pw==
ng-quill.min.js
cdn.prod.espresa.com/static/bower_components/ngQuill/src/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/ngQuill/src/ng-quill.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2aa6e1e303225202e848b6613e71c0d9c973b8fa80ca112bc42943fd5cfd9ef4
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:34 GMT
server
AmazonS3
etag
W/"e3ed4058c1094d98ffb2966c8ed480e4"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
UxeXYlUbj904yP6y8pMrMpdeSfS7da9PvviYnxsJt-GDdlZvvDXQvg==
readmore.min.js
cdn.prod.espresa.com/static/bower_components/angular-read-more/dist/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-read-more/dist/readmore.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a7f376d187614b8774414b045caea55331a22f21bc9a22e78f2ac67a73f0f8e2
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:30 GMT
server
AmazonS3
etag
W/"e250db9165ea555d8de65e2258a28abe"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
ltxXBc1jOe1nKJlSvfketc__IZqkDzDhXs7opR68QT8LJCMWXnGpcQ==
clipboard.js
cdn.prod.espresa.com/static/bower_components/clipboard/dist/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/clipboard/dist/clipboard.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c35ba42e1dcbca7027adf7a7ba1b3b65f9ed37ef580c6063af06afb4257b8288
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:48 GMT
server
AmazonS3
etag
W/"35087b4c975ff6fe10ae99640fa9160e"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
_hLrsvOC7FBLbVxcD5r6yWVREM2agZp26fkFVg5YXka2yDJkdirygw==
ngclipboard.js
cdn.prod.espresa.com/static/bower_components/ngclipboard/dist/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/ngclipboard/dist/ngclipboard.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
272cb08ecf2c8522966e1b85e037c34b4e2573ba9b214968100acee2851ed916
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:04 GMT
server
AmazonS3
etag
W/"81c7b7e2f3907716b11a60dbe61fb0e7"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
NRykrF5TxbD2_9r4ImfcvJ_eKasVagfkTOTrypbHtd57ynESfoIkmA==
moment-timezone-with-data-10-year-range.min.js
cdn.prod.espresa.com/static/bower_components/moment-timezone/builds/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/moment-timezone/builds/moment-timezone-with-data-10-year-range.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5f76f83f75befd2e33f03cf321c125633b076b17bd5725f2090d30175b995a57
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:06 GMT
server
AmazonS3
etag
W/"3d5f23458132990bf0544a307959d4de"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
zRZcTEPYRAigOlV2JTgNSbE3kMC5rnLLFhww8pPyTM8lop1KnAVLhw==
bootstrap-colorpicker-module.js
cdn.prod.espresa.com/static/bower_components/angular-bootstrap-colorpicker/js/ 		21 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-bootstrap-colorpicker/js/bootstrap-colorpicker-module.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
22832a4e8d3de68ac14cccedb599f8a97d036739b8e491b2479e6317c182749c
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:09 GMT
server
AmazonS3
etag
W/"438b3d9474cac9bc1f5af5972a630894"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
7s7dBTQ0fkqFf8ou29JkqZrE1j-d3t8bBrRVK5oRUmRbz10Lv_oL-Q==
rzslider.js
cdn.prod.espresa.com/static/bower_components/angularjs-slider/dist/ 		90 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angularjs-slider/dist/rzslider.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5c0cb07ac75e2a1911086758d4af52caffe90755f367517226e64e1cfd2041af
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:24 GMT
server
AmazonS3
etag
W/"d20483dc232cc43d8cac4fbb6800a8a0"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
q5qMJkqmlczW6-5xAze9mYr9mbNpI2clFxZPhEgdfs4DNoZYeGraWw==
svgxuse.js
cdn.prod.espresa.com/static/bower_components/svgxuse/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/svgxuse/svgxuse.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4d4fa78c606eed3d43adf2a0381107ee408ab25ed412f50dce965a79434d1a2f
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:27 GMT
server
AmazonS3
etag
W/"7e1b11d81e0f5dc457b20e887458e8e6"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
1lu2xQg2-mRSiICB5TVOmUluY_saMCwykAYgqAPWLDBzhxQeYNRWsg==
slick.js
cdn.prod.espresa.com/static/bower_components/slick-carousel/slick/ 		82 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/slick-carousel/slick/slick.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
430f384b0fc496d9650c747cca458a7eae062530c718aa7a896d99031fbbae8d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:25 GMT
server
AmazonS3
etag
W/"99cf8430b8d81c268269760118ec31a4"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
4Rmr6EOcFSUWS-Lj_65MERY8Z3OEHQrNFdzax4vbRjgQ1nIdFlNr_w==
angular-slick.min.js
cdn.prod.espresa.com/static/bower_components/angular-slick-carousel/dist/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angular-slick-carousel/dist/angular-slick.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7d6fdb61164573916c572333cbda31efc42942e21e0b75cdf12c814bcd5fe6ac
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:22 GMT
server
AmazonS3
etag
W/"732ef8e2b4e778ad8e3c379787a8cbdc"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
eNk9Jlj3ls6JsigEWIMWp0PqyXoS_ymlSPsRGu6EEnPrLtmqgbYdXg==
angularjs-dropdown-multiselect.min.js
cdn.prod.espresa.com/static/bower_components/angularjs-dropdown-multiselect/dist/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/angularjs-dropdown-multiselect/dist/angularjs-dropdown-multiselect.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
19228a5d25317a57df6e4faa04f7a75719d167f10cc7a53cb491713f16c1ced2
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:04 GMT
server
AmazonS3
etag
W/"5aa844628499ec844f137c179f257679"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
Ge1JcIPiUqkWT8jjcKJuxmRdua_dVuVUShIFhMnTrXwVv1UBkMvtfQ==
ngCropperjs.all.min.js
cdn.prod.espresa.com/static/bower_components/ng-cropperjs/dist/ 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/ng-cropperjs/dist/ngCropperjs.all.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
444611bad2c8c4639ee043176072752fa3bf673968c86e27cde0f5d36875ccd5
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:33:50 GMT
server
AmazonS3
etag
W/"f948e1418aa2f0dffabd976d12f08a6f"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
lgpY2NIB2ntI5x5dfQ-nwPzCkHtPc3OX0zOeGSPTFiVDpcTTjaeUPw==
ngtweet.js
cdn.prod.espresa.com/static/bower_components/ngtweet/dist/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/ngtweet/dist/ngtweet.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3f81a19995a675cf01b6b3f8191ebd840fb17b6623f4da7ef897a0de3eaf9fec
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:34 GMT
server
AmazonS3
etag
W/"277b1301fbb3afeef88061c9609242be"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
B6rxmPeEFrScd9pP6WENGF55bxgBpihm8CqMqcb1T7IvMUXnNw0vJg==
app-min.js
cdn.prod.espresa.com/static/app/ 		3 MB
479 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/app-min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2e53c14484ab45aadeb14a7ae47d92bbaf638f02f78092ae519265d5e724cb20
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:30:26 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 12:33:21 GMT
server
AmazonS3
etag
W/"6887a1e37c7cdd44717b7d68698487a0"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
rv2t3ZWuq6HsCE060Fr3Ct01XXJ-z-UM9PIBZoe6SEA0gzYrVtPxOQ==
player.js
player.vimeo.com/api/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/api/player.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.61 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6e797fdd37f20f47b0150c3287d7cc0745533bc839426ae0d47532fd2703be5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
Thu, 18 Jan 2024 23:43:23 GMT
Date
Fri, 19 Jan 2024 04:14:12 GMT
content-security-policy
default-src 'none'; style-src 'unsafe-inline'
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Via
1.1 varnish
Age
49
X-Cache
HIT
Connection
keep-alive
x-backend-server
player-backend-edge-entry
Content-Length
11228
X-Served-By
cache-fra-eddf8230044-FRA
x-player-backend
g
Server
cloudflare
X-Timer
S1705637653.541422,VS0,VE0
Vary
Accept-Encoding
Content-Type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=1800
x-bapp-server
Accept-Ranges
bytes
CF-RAY
847c3fe04c8f6903-FRA
X-Cache-Hits
6
iframe_api
www.youtube.com/ 		993 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b9ab167fb4bf6ab63b9f20538f2a3ed1d5668ee7eef1ad6f0cda7441d752b5d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:14:12 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=nl for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Fri, 19 Jan 2024 04:14:12 GMT
/
js.stripe.com/v3/ 		585 KB
163 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
ba21ba960dba9a5eb9b06e2248e6134f915102e89a94f0eb560368645a6e9a65
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 19 Jan 2024 04:14:12 GMT
via
1.1 varnish
age
47
x-cache
HIT
content-length
166153
x-request-id
349e754d-8ea7-4ab5-b647-7369f52f021b
x-served-by
cache-ams21069-AMS
last-modified
Thu, 18 Jan 2024 21:49:19 GMT
server
Fastly
etag
"6d9019cd347f5d6d62f5040f90fe1cd3"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
7
element.js
translate.google.com/translate_a/ 		88 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://translate.google.com/translate_a/element.js?2024-01-17-12-25?cb=googleTranslateElementInit
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
52b0b887f026a3cd708f098eecb1a87f0fd8f5e8f6aa6b63bee1f419a8abad33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Jan 2024 04:14:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
marqeta.min.js
widgets-sandbox.marqeta.com/marqetajs/2.0.0/ 		13 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widgets-sandbox.marqeta.com/marqetajs/2.0.0/marqeta.min.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.81 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0415f82664d910e027fa0696d001712648c8c347c51afeaf42ba4dda8d717e13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
0
date
Fri, 19 Jan 2024 04:14:12 GMT
via
1.1 varnish
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
age
0
x-cache
HIT
p3p
CP="CAO PSA OUR"
x_request_id
ec6c1482d231d355d2d6d49a669eebeb96f52c8a
x-xss-protection
1; mode=block
x-served-by
cache-ams21079-AMS
pragma
no-cache
x-runtime
0.002399
referrer-policy
no-referrer
surrogate-keys
all 1-1-0 mjs
content-length
13684
x-timer
S1705637653.548736,VS0,VE101
etag
W/"0415f82664d910e027fa0696d0017126"
x-download-options
noopen
vary
Accept
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-store
accept-ranges
bytes
x-cache-hits
1
link-initialize.js
cdn.plaid.com/link/v2/stable/ 		142 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1c172793d6c6495b3c0b456ba130f378b37bbb8ed00c01afe3e78a39db4595b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id
9Vj8HjCAPakecirEOocFeTulNKRq_aeM
content-encoding
gzip
via
1.1 bf943aab70e585412f7a215fb0a10790.cloudfront.net (CloudFront)
date
Thu, 18 Jan 2024 20:46:04 GMT
x-amz-request-id
E7TDT42C4KR66X8T
x-amz-cf-pop
DUS51-P1
x-amz-server-side-encryption
AES256
age
26999
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-id-2
ZVncZESg/Ot8KYSY54lC5keCq9YSA1v0+KsR7nePzSNY9jZdckAkQ4GmYwIJLndiMIFLqbX2kNo=
last-modified
Tue, 16 Jan 2024 20:04:16 GMT
server
AmazonS3
etag
W/"c6fac2bf1735fd337ba4df52d1cbabe2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache,must-revalidate,max-age=0
x-amz-cf-id
OB02BuylTONjSPWL0bfHyY1nC9_1OFBjubpCWKqqMY2cygNM3u9GaQ==
index.js
cdn.prod.espresa.com/static/bower_components/highcharts-border-radius/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/highcharts-border-radius/index.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fefcdd22d0812d88323988c3b4dd173b15177bd251bfdd19095aed6a29848e93
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:32:34 GMT
server
AmazonS3
etag
W/"821ca26435ca7e13c07b4e0c249e1034"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
JAlwPV8PbRQkgCI15Nldnk4EdlyiPOdHdxWBljudOwYUm6DaU7HZ_Q==
highcharts-more.src.js
cdn.prod.espresa.com/static/bower_components/highcharts/ 		174 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/highcharts/highcharts-more.src.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d52f6e6e7ca73faa26ddf6cdab153dfd9a52eada8fac8be009663682a24af5b5
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:33:52 GMT
server
AmazonS3
etag
W/"c06ca00a16fbf25252a90a5d02516db8"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
XuVaxHRznp6GQzSWHkV0gmTYueW0sg4LQdu-5ei_36PXIlFxAA7rFA==
exporting.src.js
cdn.prod.espresa.com/static/bower_components/highcharts/modules/ 		56 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/highcharts/modules/exporting.src.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3cebd726b15ac83386e3bdb458dde178fbf2ad79a94bc63c3f4918119da77c8b
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:34:51 GMT
server
AmazonS3
etag
W/"ffe2ab3bc8dbf621ec34248991b8ac7c"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
XyMrulladKHmKUPhVDMjWcRWUM_qxRoP4zFvglpg0HtIr_JUzM4kPg==
export-data.src.js
cdn.prod.espresa.com/static/bower_components/highcharts/modules/ 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/highcharts/modules/export-data.src.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f99137cbbb0f549bbd54094c3e1ac1203221bd5919cdc827503af8ee90879c8e
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:34:56 GMT
server
AmazonS3
etag
W/"10cb859d716f542934442f4075642725"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
1l28C8fwfQUlsSBCqCSkozhgFMsU4iki3KR5LozP1MWSg3sIwphABA==
solid-gauge.js
cdn.prod.espresa.com/static/bower_components/highcharts/modules/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/highcharts/modules/solid-gauge.js?2024-01-17-12-25
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d68c260921ca779765e8b69c29b8932c5e63e6240108795909d137464f893edf
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:57 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56627
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:34:55 GMT
server
AmazonS3
etag
W/"ed8ab512ccbd3f9dc7408fb12ba8c1db"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
NnWy735IzWcP7bBSEdJC93rKUoEuHQ3y9hbIroyuPNFsplNLtTSjzg==
hotjar-596126.js
static.hotjar.com/c/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-596126.js?2024-01-17-12-25?sv=5
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-61.dus51.r.cloudfront.net
Software
/
Resource Hash
fd307dcf8edd5e6d4ff28cbdda1d80390a17a871ff7786f4163a417fc3a8db54
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Fri, 19 Jan 2024 04:13:25 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
age
47
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/2e7b0a7db4140c4b07647aba77fa7a3a
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
rY0FxGzGtH48qhAzIbQw5ktUQ16VbijUYD9_LDzfj5SprDSgk_5Eww==
modules.2472296d2d26f0040059.js
script.hotjar.com/ 		219 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.2472296d2d26f0040059.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-596126.js?2024-01-17-12-25?sv=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.233.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-233-79.dus51.r.cloudfront.net
Software
/
Resource Hash
5bdaa2d2fac01a05dee8737ec7b70ad184651961d3a3998c1efa7cf147ae1ba1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 15 Jan 2024 14:36:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 f427dd3232a00fbfd410b9c63b196882.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P3
age
308286
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55620
last-modified
Mon, 15 Jan 2024 14:36:02 GMT
etag
"5f2cc7c8ec157af965fb3409029f8b70"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
DwhUZYHNxzVpckjs5Iochx_hJFbJQn6n7ndfmvbPyXGD1iBaBcJZQw==
env.json
cdn.prod.espresa.com/static/app/assets/json/ 		116 KB
29 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/assets/json/env.json
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/bower_components/jquery/dist/jquery.min.js?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
85c197f7063e01850d5ca907a00838e565e17958be72f64da8c20b9a599c619c
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:31:58 GMT
content-encoding
br
via
1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56626
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:35:43 GMT
server
AmazonS3
etag
W/"902bfe14a4a928941ad6e737df845a15"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-id
0TCzrutGYS6RBirwaRO7j_mqAmrg_CSEstv_9f-59FIjI0XxzM6E5A==
www-widgetapi.js
www.youtube.com/s/player/42a553e1/www-widgetapi.vflset/ 		216 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/42a553e1/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8791270626b8a4fed6d34bc6cc2b10b5a682ce66d8b5016ed60fe711b5d2d016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 13:31:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
52961
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68593
x-xss-protection
0
last-modified
Wed, 17 Jan 2024 05:15:15 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 17 Jan 2025 13:31:31 GMT
m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/ 		22 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css
Requested by
Host:
URL: /_/translate_http/_/js/k=translate_http.tr.nl.LwxFHL2nHiU.O/am=wA/d=1/rs=AN8SPfp1Ju5MNr_3jwI8SVkIcp_c6EXnPw/m=el_conf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 16 Jan 2024 20:30:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
200646
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4144
x-xss-protection
0
last-modified
Sat, 15 Jul 2023 01:09:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 15 Jan 2025 20:30:07 GMT
m=el_main
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.nl.LwxFHL2nHiU.O/d=1/exm=el_conf/ed=1/rs=AN8SPfqqzs9k3OWjdsZ59UINJQF87mMT5A/ 		208 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.nl.LwxFHL2nHiU.O/d=1/exm=el_conf/ed=1/rs=AN8SPfqqzs9k3OWjdsZ59UINJQF87mMT5A/m=el_main
Requested by
Host:
URL: /_/translate_http/_/js/k=translate_http.tr.nl.LwxFHL2nHiU.O/am=wA/d=1/rs=AN8SPfp1Ju5MNr_3jwI8SVkIcp_c6EXnPw/m=el_conf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a8a7c6445eff16e0a3f1d3f771b20f5630c260b5dafd06209b504572d1c6bd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 16 Jan 2024 18:49:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
206704
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73561
x-xss-protection
0
last-modified
Sat, 13 Jan 2024 04:12:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 15 Jan 2025 18:49:09 GMT
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 323B 		200 B
840 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2648100
cache-control
max-age=31536000
content-encoding
br
content-length
154
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 19 Jan 2024 04:14:13 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 11 Nov 2022 20:25:37 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
709551
x-content-type-options
nosniff
x-request-id
0dfec4f4-5824-45d0-9c9f-45e562ad0feb
x-served-by
cache-ams21069-AMS
596126
vc.hotjar.io/sessions/ 		0
258 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/596126?s=0.25&r=0.1404257081331315
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.2472296d2d26f0040059.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-79.fra56.r.cloudfront.net
Software
Python/3.8 aiohttp/3.8.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
via
1.1 91dc0292eef4e22508a3ae73fe64bbf4.cloudfront.net (CloudFront)
server
Python/3.8 aiohttp/3.8.4
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
sJjrBp6eNUuLGg-O4IpEpQuyHgiVDaHQpLHELXwDzrsCjU6-xabnZw==
login.html
cdn.prod.espresa.com/static/app/login/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/login/login.html?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
x-csrftoken
Access-Control-Request-Method
GET
Origin
https://app.espresa.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
600
content-length
0
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
date
Fri, 19 Jan 2024 04:14:14 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront)
x-amz-cf-id
LsrVxqz_N1VVMoLKEphTpddDXHjArnwVIotw1-Uk8o1vfLWOIDSf5g==
x-amz-cf-pop
DUS51-P1
x-amz-id-2
S84FYqd8Ey3pAW+BUBS7AT57lpPXms9XKNs/xEbU7NFTlSbL5z8Yz6+lCT7gC7lf4mkJYJyGYgA=
x-amz-request-id
G9QP8G43NGE6A6PZ
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
meta
app.espresa.com/api/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.espresa.com/api/meta
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/bower_components/angular/angular.min.js?2024-01-17-12-25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.34.136.107 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-136-107.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
d98448b1dc9204f84ffad52fcab6cdce0029ebc143a1d7b7d2ef1e3fa5401289
Security Headers
Name Value
Content-Security-Policy img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; base-uri 'none'; object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; frame-ancestors http: https: ftp: ftps:; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.espresa.com/portal/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
content-security-policy
img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; base-uri 'none'; object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; frame-ancestors http: https: ftp: ftps:; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
index-hash
25fefa1ef7ed26a7bd85a707541dc07d
content-length
258
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
allow
GET, HEAD
vary
Accept-Language, origin, Cookie, Accept-Encoding
content-language
nl
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate, private
x-frame-options
DENY
expires
Fri, 19 Jan 2024 04:14:13 GMT
loader-dots.html
cdn.prod.espresa.com/static/app/components/loader-dots/ 		231 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/components/loader-dots/loader-dots.html?2024-01-17-12-25
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/bower_components/angular/angular.min.js?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4e51d02143c50e29b2ccc65fe243676f49aa2370f9a1d94e6d675941bd2b95a5
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 14:41:00 GMT
via
1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
48937
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
231
last-modified
Wed, 17 Jan 2024 11:35:41 GMT
server
AmazonS3
etag
"fca6560b1711d2029496745a2ec720be"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/html
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
ySwwwZI-xMMqmAUrs0Y6LKg7BQgtUOdeaSlGoaO_cTICuSWqVc9sdQ==
login.html
cdn.prod.espresa.com/static/app/login/ 		22 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/login/login.html?2024-01-17-12-25
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b2406877e0bfc562124770517fd4b8ad76c81e0d8bb172ab8b130dbe0f7cd18d
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
nl-NL,nl;q=0.9
X-CSRFToken
1AtvwN79DsTUwnfnHB6z0JwXiZwiGwNw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:33:09 GMT
content-encoding
br
via
1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56611
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:37:08 GMT
server
AmazonS3
etag
W/"ed3408a7173c0f4bb048568b1f73772b"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/html
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-id
Wa44NksdnMRV-zkgA1vjNLE768Xexkp53NhysBPsomE5wihzheG6Qw==
open-sans-v16-greek_greek-ext_cyrillic_latin_latin-ext_cyrillic-ext-regular.woff2
cdn.prod.espresa.com/static/app/assets/fonts/open-sans/ 		42 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/assets/fonts/open-sans/open-sans-v16-greek_greek-ext_cyrillic_latin_latin-ext_cyrillic-ext-regular.woff2
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/app/assets/fonts/fonts.min.css?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2e3b1d34ac67763ab50652da19305d4b3694c6b6e6bf35f4b98411ce4af646d2
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://cdn.prod.espresa.com/static/app/assets/fonts/fonts.min.css?2024-01-17-12-25
Origin
https://app.espresa.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 14:41:00 GMT
via
1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
48916
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
43236
last-modified
Wed, 17 Jan 2024 11:37:03 GMT
server
AmazonS3
etag
"a9557eb451f17dcd8e687327ea9383a0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
XBiKxBlcvAPjEhLDoeIx9UuiQrnGxLO761QgJflb4e4kfauXK-kaZw==
m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
js.stripe.com/v3/fingerprinted/js/ Frame 323B 		526 B
450 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 19 Jan 2024 04:14:13 GMT
via
1.1 varnish
age
2964030
x-cache
HIT
content-length
315
x-request-id
60c15e15-7936-4a00-923d-1f38b09cef53
x-served-by
cache-ams21069-AMS
last-modified
Fri, 11 Nov 2022 20:25:36 GMT
server
Fastly
etag
"d96c709017743c0759cf3853d1806ba5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
670119
rum
rum.browser-intake-datadoghq.com/api/v2/ 		53 B
343 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-app&dd-api-key=pub9e049da54880cdc38a7896671a886b1b&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=b90fd4cc-3ca5-4509-b006-38cefa8f58f5&batch_time=1705637653079
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js?2024-01-17-12-25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b901:fa01:7221:3063:f681 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
020b4d5e11a9eb1476b97d44c1ac67917dc2184caaf4f3d09f23d7073b3b2157
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
b90fd4cc-3ca5-4509-b006-38cefa8f58f5
rum
rum.browser-intake-datadoghq.com/api/v2/ 		53 B
344 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-app&dd-api-key=pub9e049da54880cdc38a7896671a886b1b&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=9eeac337-e858-42a1-81d1-30ce97d359a2&batch_time=1705637653080
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js?2024-01-17-12-25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b901:fa01:7221:3063:f681 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0f269daad17a727b9c6ade97e0895d4359a95b76e5ea65d5b8c628dbe472512
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
9eeac337-e858-42a1-81d1-30ce97d359a2
rum
rum.browser-intake-datadoghq.com/api/v2/ 		53 B
344 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-app&dd-api-key=pub9e049da54880cdc38a7896671a886b1b&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=d67c8ebb-cdf4-4614-8166-6d6966bf6080&batch_time=1705637653081
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js?2024-01-17-12-25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b901:fa01:7221:3063:f681 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
7c78e67625aafdbe6f857e60b79610ea4e2495c0fa43ee781d0fc79f3d70164c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
d67c8ebb-cdf4-4614-8166-6d6966bf6080
csp-report
q.stripe.com/ Frame 323B 		0
717 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1705637653548120
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
0
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1705637653547733
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 323B 		0
716 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1705637653548314
x-envoy-upstream-service-time
3
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
2
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1705637653547779
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
inner.html
m.stripe.network/ Frame A8AC 		930 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:5c00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
age
79
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 19 Jan 2024 04:13:12 GMT
etag
"06bfcd88af438673a8bf9b845a11aa6e"
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 6fadd80db8a3a154b0b68f055a91920c.cloudfront.net (CloudFront)
x-amz-cf-id
RQtjgzoObbKXXap2C4SHspneUNOW5mGBJg9_oDMh8ROZdGvU0fQ0dQ==
x-amz-cf-pop
DUS51-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
csp-report
q.stripe.com/ Frame A8AC 		0
490 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.espresa.com
URL: https://app.espresa.com/portal/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1705637653548580
x-envoy-upstream-service-time
2
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-server-envoy-upstream-service-time-ms
1
x-stripe-client-envoy-start-time-us
1705637653547816
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
expires
0
out-4.5.43.js
m.stripe.network/ Frame A8AC 		87 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.43.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:5c00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:10:59 GMT
content-encoding
gzip
via
1.1 6fadd80db8a3a154b0b68f055a91920c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
age
199
x-content-type-options
nosniff
etag
W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop
DUS51-P1
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
GZ34G7zWTksutjmFEb3apOOROS5p1jItMrmGKYEDP-gEWSQxHzjxxA==
6
m.stripe.com/ Frame A8AC 		156 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.211.160.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-211-160-129.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
f3621849caf2c66e663494dd6e82357f1e380949f7dc6da53360e8aa1fb36f06
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
blue
date
Fri, 19 Jan 2024 04:14:13 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1705637653870575
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
2
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1705637653870347
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
role
app.espresa.com/api/ 		55 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.espresa.com/api/role
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js?2024-01-17-12-25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.34.136.107 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-136-107.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
260d706f70471ad11cff1f2b1a935c27541a247f7b1f2ea07b10cbe06198c5d0
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com; frame-ancestors http: https: ftp: ftps:; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.espresa.com/portal/
accept-language
nl-NL,nl;q=0.9
X-CSRFToken
1AtvwN79DsTUwnfnHB6z0JwXiZwiGwNw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
content-security-policy
base-uri 'none'; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com; frame-ancestors http: https: ftp: ftps:; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io
www-authenticate
Session realm="api"
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
index-hash
25fefa1ef7ed26a7bd85a707541dc07d
content-length
55
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
allow
GET, HEAD
vary
Accept-Language, origin, Cookie
content-language
nl
content-type
application/json
cache-control
max-age=0, no-cache, no-store, must-revalidate, private
x-frame-options
DENY
expires
Fri, 19 Jan 2024 04:14:13 GMT
logo-portal.svg
cdn.prod.espresa.com/static/app/assets/images/common/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.prod.espresa.com/static/app/assets/images/common/logo-portal.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e8c8832e7a212e23d0ca3daa18978064d942793208ee9fc8adfefec05ca28d87
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:33:09 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56611
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:36:31 GMT
server
AmazonS3
etag
W/"42462a0e51a74f5a7022ad2425bc0d1b"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
image/svg+xml
cache-control
max-age=86400
x-amz-cf-id
Gd3kwMkxLih_l-KquiiybxwtkOXwXYKlZSvgbdwqgQkKzAN0Mt_ifA==
Logo.svg
cdn.prod.espresa.com/static/app/assets/images/common/ 		9 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.prod.espresa.com/static/app/assets/images/common/Logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
96ccf2c5d172f48edbcfb950175b50ffd3deb1c4bf9a14479fc9524631f561e6
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:33:09 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56611
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:36:29 GMT
server
AmazonS3
etag
W/"f18bb10c0f649bd7b9cb9bee4998ece4"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
image/svg+xml
cache-control
max-age=86400
x-amz-cf-id
lB_vPAlGBJ7aqXSs9GzcLybte0RvOFr1ReDgbHVbj6Jq4mxYV7eO-A==
signup.svg
cdn.prod.espresa.com/static/app/assets/images/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.prod.espresa.com/static/app/assets/images/signup.svg
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/app/index.min.css?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7efeafa401ae9c786c88f82562069b78a494115b616a5425e88fdf31fe2a6c47
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://cdn.prod.espresa.com/static/app/index.min.css?2024-01-17-12-25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:33:09 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56611
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:36:14 GMT
server
AmazonS3
etag
W/"ed02184b7ca3ee27bb3acd8369fa03aa"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
image/svg+xml
cache-control
max-age=86400
x-amz-cf-id
O10r8uD3MW5M7ix9keK5LLwIk8KVmQqLsYITXyZxVM8DYoN8bwNgrQ==
dummy_pattern.png
cdn.prod.espresa.com/static/app/assets/images/ 		185 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.prod.espresa.com/static/app/assets/images/dummy_pattern.png
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/app/index.min.css?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0c50d00d8470267888c3bbc1e7db5018e6f98148ef8a44d5bde17db5a0dcf589
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://cdn.prod.espresa.com/static/app/index.min.css?2024-01-17-12-25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:42:45 GMT
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
31610
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
185
last-modified
Wed, 17 Jan 2024 11:36:16 GMT
server
AmazonS3
etag
"41a3f4d0a465eb9b5783b49677cfca4b"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
image/png
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
tzGTAStpPNKLC_kKvY5KjSdPVN25GlYMtuTSlPrG1YS8dbegPVH_Dg==
bg.png
cdn.prod.espresa.com/static/app/assets/images/ 		11 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.prod.espresa.com/static/app/assets/images/bg.png
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/app/index.min.css?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3e16611e05a9499192e8b5558c09b1d404c5c26d8a2bc70ae7d1ffa6dc8e922
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://cdn.prod.espresa.com/static/app/index.min.css?2024-01-17-12-25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
13711
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
11716
last-modified
Wed, 17 Jan 2024 11:36:16 GMT
server
AmazonS3
etag
"c764cec88b9bc59497f2dd0b33f1e67a"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
image/png
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
L4sX_6mYx9dMbxXX2OyE86hzXXohs86e1Yz5-Ctzwbin5EkkKYhVPg==
stars.svg
cdn.prod.espresa.com/static/app/assets/images/login_page/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.prod.espresa.com/static/app/assets/images/login_page/stars.svg
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/app/index.min.css?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8dc6d8334046ed660393ae24a884e2a952271ff05eadc686f252f54f20633f76
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://cdn.prod.espresa.com/static/app/index.min.css?2024-01-17-12-25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 12:33:09 GMT
content-encoding
br
via
1.1 5e696cef0c57cc6cd171bf72fe757bf4.cloudfront.net (CloudFront)
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
56611
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 17 Jan 2024 11:37:01 GMT
server
AmazonS3
etag
W/"78ea9fd2f00ab522f3badfd5767a6df2"
vary
Accept-Encoding, Origin
x-frame-options
DENY
content-type
image/svg+xml
cache-control
max-age=86400
x-amz-cf-id
tXwe-tGZRxVqU_967kbVOw1LTTC8tqzMD1TntkDAFs-QsT1ug5DnSQ==
fontawesome-webfont.woff2
cdn.prod.espresa.com/static/bower_components/fontawesome/fonts/ 		55 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/bower_components/fontawesome/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/bower_components/fontawesome/css/font-awesome.min.css?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://cdn.prod.espresa.com/static/bower_components/fontawesome/css/font-awesome.min.css?2024-01-17-12-25
Origin
https://app.espresa.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 15:05:06 GMT
via
1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
47404
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
56780
last-modified
Wed, 17 Jan 2024 11:32:33 GMT
server
AmazonS3
etag
"97493d3f11c0a3bd5cbd959f5d19b699"
vary
Accept-Encoding
x-frame-options
DENY
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
EBukr1I54dSRXyg6X8WEA9PDJOxfEBGsw8LczalG4bHmL2vPaM2smA==
open-sans-v16-greek_greek-ext_cyrillic_latin_latin-ext_cyrillic-ext-700.woff2
cdn.prod.espresa.com/static/app/assets/fonts/open-sans/ 		44 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/assets/fonts/open-sans/open-sans-v16-greek_greek-ext_cyrillic_latin_latin-ext_cyrillic-ext-700.woff2
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/app/assets/fonts/fonts.min.css?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c22fe8c70c36f1d862903b772eaed864d3a8fa849473c9caff224fdb852428e4
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://cdn.prod.espresa.com/static/app/assets/fonts/fonts.min.css?2024-01-17-12-25
Origin
https://app.espresa.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 15:05:06 GMT
via
1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
47390
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
44988
last-modified
Wed, 17 Jan 2024 11:37:05 GMT
server
AmazonS3
etag
"17c283b4e785e073ec09dc72acebafac"
vary
Accept-Encoding
x-frame-options
DENY
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
GtLTioTnVWKfyBBmlb6eYIMzZs9hX-IujgmtSqUCFNpvukGwfgvDxw==
open-sans-v16-greek_greek-ext_cyrillic_latin_latin-ext_cyrillic-ext-600.woff2
cdn.prod.espresa.com/static/app/assets/fonts/open-sans/ 		44 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.espresa.com/static/app/assets/fonts/open-sans/open-sans-v16-greek_greek-ext_cyrillic_latin_latin-ext_cyrillic-ext-600.woff2
Requested by
Host: cdn.prod.espresa.com
URL: https://cdn.prod.espresa.com/static/app/assets/fonts/fonts.min.css?2024-01-17-12-25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-39.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
486c67592731a0b36a89dba1fd0b97aeb73f236bbf60dbf28d7c6b5723c07989
Security Headers
Name Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://cdn.prod.espresa.com/static/app/assets/fonts/fonts.min.css?2024-01-17-12-25
Origin
https://app.espresa.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 15:05:06 GMT
via
1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate-pa.googleapis.com api.lokalise.com *.smooch.io; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com; frame-ancestors http: https: ftp: ftps:; base-uri 'none'; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.mixpanel.com *.espresa.com espresa.com wss://*.espresa.com wss://*.hotjar.com *.ibytedtos.com api.lokalise.com *.us.qlikcloud.com wss://*.smooch.io; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.comwww.googletagmanager.com js.stripe.com *.hotjar.io *.hotjar.com app.powerbi.com *.qlik.com *.smooch.io wss://app.espresa.com wss://espresa.com
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DUS51-P1
age
47403
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
44936
last-modified
Wed, 17 Jan 2024 11:37:03 GMT
server
AmazonS3
etag
"97593b89e95959c7f41c47cf407d1f63"
vary
Accept-Encoding
x-frame-options
DENY
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
r3ak24Hp9Uz9gFIzmrcMFejAixuEMUUs5XfNGipmg0Ereqdbc2FkFw==
auth
app.espresa.com/api/ 		0
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.espresa.com/api/auth
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v4/datadog-rum.js?2024-01-17-12-25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.34.136.107 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-136-107.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com; frame-ancestors http: https: ftp: ftps:; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.espresa.com/portal/
accept-language
nl-NL,nl;q=0.9
X-CSRFToken
1AtvwN79DsTUwnfnHB6z0JwXiZwiGwNw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:14:13 GMT
content-security-policy
base-uri 'none'; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com; frame-ancestors http: https: ftp: ftps:; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
index-hash
25fefa1ef7ed26a7bd85a707541dc07d
content-length
0
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
allow
POST, DELETE
vary
Accept-Language, origin, Cookie
content-language
nl
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials
true
x-frame-options
DENY
expires
Fri, 19 Jan 2024 04:14:13 GMT

Verdicts & Comments Add Verdict or Comment

354 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| hj object| _hjSettings object| DD_RUM object| service object| BrowserDetect object| Sentry function| $ function| jQuery object| angular function| _ function| moment object| FullCalendar object| angular-file-upload object| Highcharts function| Quill function| readMore function| Cropper object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules function| accessibilityCalendarCtrl function| accomplishmentCardListCtrl function| anniversariesCtrl function| apiTokenCtrl function| attachmentErrorCtrl function| autodeployDetailsCtrl function| availabilityServiceMapping function| breadcrumbsPointsCtrl function| browserTabCustomizationBlockCtrl function| businessItemCtrl function| campusItemCtrl function| campusesSelectCtrl function| cardDonateInfoCtrl function| cardsCarouselCtrl function| cardsCustomizationBlockCtrl function| challengeSearchCardCtrl function| circleProgressBarCtrl function| commonLogDetailsCtrl function| customGrowlNotificationCtrl function| customProgressBarCtrl function| customizableRecognitionLeaderboardCtrl function| dashboardRewardsInfoCard function| debitCardCtrl function| directReportsInfoCtrl function| charts function| createElement function| resetElement function| donationInfoCtrl function| dotsPaginationCtrl function| embedAccessErrorCtrl function| embedFeedCtrl function| embedRewardsCtrl function| emojiCtrl function| employeeBudgetsListCtrl function| employeeCommentItemCtrl function| employeePaymentSummary function| EmptyStateCircleCtrl function| espresaEmptyStateCtrl function| externalTargetBlockCtrl function| feedFiltrationLabelCtrl function| googleTranslateCtrl function| groupFromToFillCtrl function| groupsLinkedToEventCtrl function| groupsSearchListCtrl function| guidelinesPointsLink function| headerPortalLogoBranding function| hintTextCtrl function| imageCropperCtrl function| individualItemCtrl function| infoTooltipCtrl function| informPopupWithOptionsCtrl function| inputCounterLimitCtrl function| itemsPerPageSelector function| linkedinShareButtonCtrl function| localizationSelectLanguageCtrl function| modalListCtrl function| mobileBackgroundSelectorCtrl function| nextPaymentDateCtrl function| notificationListCtrl function| paginationCtrl function| panelsNavigationCtrl function| PhoneSettingsCtrl function| popoverCampusesListCtrl function| profileAttachmentsListCtrl function| profileManagersListCtrl function| programsDeleteModalCtrl function| rateCardCtrl function| ratesTableCtrl function| recipientsListLinkController function| rewardForLevelCtrl function| searchByFilterCtrl function| selectedRecognitionCardCtrl function| selectedSlotsPopoverCtrl function| serviceItemsSliderCtrl function| dateWithTimezone function| sessionDevicesCtrl function| sftpSetupCtrl function| passwordCtrl function| simpleLabelItemCtrl function| sleepEditorCtrl function| standardRewardCardCtrl function| stepBulkUploadFileCtrl function| subscribeSlotsPopoverCtrl function| popoverCompaniesListCtrl function| teamRecognitionLogoCtrl function| twoTablesListCtrl function| updateNotificationCtrl function| uploadGroupMembersCtrl function| userTimezonePopoverCtrl function| vendorMappingListCtrl function| pointsConverterCtrl function| uploadRewardsPageCtrl function| localizationSettingsModalCtrl function| accomplishmentsListModalCtrl function| addCardToLevelCtrl function| addEmojiCtrl function| addLsaMerchantsCtrl function| amazonAddressCtrl function| amazonOffersListCtrl function| anniversariesModalCtrl function| appliedFiltersModalCtrl function| applyCampusCustomizationCtrl function| bulkChangeCategoryCtrl function| cardMerchantsListCtrl function| cardSuccessModalCtrl function| challengeCampusesListCtrl function| challengeSettingsCtrl function| cloneCompanyModalCtrl function| cloneCompanyNotificationModalCtrl function| cloneTasksModalCtrl function| currenciesSettingsController function| editExpenseTypeCtrl function| expenseTypeDetailsCtrl function| groupsBulkPostCtrl function| groupsReportWindowCtrl function| moneyDistributionSuccessCtrl function| notificationDetailsCtrl function| plaidSuccessModalCtrl function| provideCardModalCtrl function| qlikModalController function| recipientsListController function| reimbursementTagsModal function| reimbursementsCheckEmptyCommentModalCtrl function| relatedGroupsModalCtrl function| removeMembersCtrl function| requestDebitCardModalCtrl function| notificationSendCtrl function| sendToVerificationCtrl function| sftpGenerateKeyCtrl function| sftpSettingsController function| signUpMembersModalCtrl function| sortLevelsOrderController function| transferManagerEventsModalCtrl function| logoutSessionModalCtrl function| automaticTranslationSelectCtrl function| translationItemCtrl function| translationItemFormCtrl function| translationItemJsonCtrl function| translationListCtrl function| backgroundImagesBlockCtrl function| programsBlockCtrl function| customDashboardFeedCard function| monthServiceCardCtrl function| myFeedCtrl function| joinWithFormCtrl function| calculatePriceWithOptions function| budgetUtilizationChartCtrl function| byCategoryQuarterCtrl function| byCategoryYearChartCtrl function| editConditionsModalCtrl function| participationAndClaimsChartCtrl function| perRegionChartCtrl function| descriptionModalCtrl function| apiLogsCtrl function| securityLogsCtrl function| advancedCustomizationPageCtrl function| emojiCustomizationCtrl function| sftpExportKeyCtrl function| combinedBulkServicesCtrl function| customizeRequestDetailsCtrl function| proposeActionCtrl function| reimbursementsPaymentsListCtrl function| reimbursementsPlansPaymentSummaryCtrl function| transferResponsibilityConfirmCtrl function| transferResponsibleAdminCtrl function| BulkGenerateCtrl function| editColumnModalCtrl function| ReportOperationsCtrl function| reportTemplateColumnsCtrl function| reportTemplateHeaderCtrl function| reportTemplatesCtrl function| ReportToSftpCtrl function| ReportsHistoryCtrl function| automaticLabelsCtrl function| dynamicLabelWarningCtrl function| challengesInfoTabCtrl function| challengeActivityFeedCtrl function| challengeActivityItemCtrl function| challengesCardCtrl function| challengeCardLeaderboardCtrl function| challengesCardSmallCtrl function| challengesDetailsCtrl function| challengeLeaderboardItemCtrl function| challengeLevelsProgressCtrl function| challengeParticipantsLogoCtrl function| selectTeamCtrl function| challengeTeamItemCtrl function| challengesList function| challengesPage function| healthDataBlockCtrl function| leaderboardListItemCtrl function| leaderboardRewardItemCtrl function| taskIconCtrl function| taskItemCtrl function| tasksListCtrl function| challengeLevelsInfoCtrl function| completedChallengesModalCtrl function| editSyncDataCtrl function| leaderboardDetailsModalCtrl function| selectChallengeTimezoneModalCtrl function| submitTaskProgressModalCtrl function| teamMembersContributionModalCtrl function| greetingActivityItemCtrl function| recipientReactionCtrl function| rewardLevelCardCtrl function| activityOperatingSystemsCtrl function| challengeGoalItemCtrl function| challengeGoalsDetailsCtrl function| joinEmployeesToChallengeCtrl function| notifyParticipantsSectionCtrl function| recognitionCardModalCtrl function| challengeGoalsCtrl function| guidelineCtrl function| attributeValuesCtrl function| createAttributeCtrl function| historyLogVersionCtrl function| historyLogsCtrl function| customizationViewBlockCtrl function| GlobalSubcategoriesListCtrl function| SubcategoriesMappingCtrl function| vendorCardCtrl function| rewardBackgroundCtrl function| anniversarySettingsCtrl function| anniversarySettingsModalCtrl function| greetingCardsItemCtrl function| greetingCardsListCtrl function| setRecognizerModalCtrl object| sentryInfo function| reportController object| rewardsStatusesList object| youtubeRegExp object| vimeoRegExp object| microsoftStreamRegExp object| loomRegExp function| getAdditionalInfoFormFieldTypes function| isUsedForEmployeesSelection object| staticFile function| teamsServices object| __SENTRY__ object| Vimeo boolean| VimeoPlayerResizeEmbeds_ boolean| VimeoSeoMetadataAppended boolean| VimeoCheckedUrlTimeParam object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| webpackChunkStripeJSouter function| noop function| Stripe function| _DumpException object| default_tr object| _F_toggles string| MSG_TRANSLATE string| MSG_CANCEL string| MSG_CLOSE function| MSGFUNC_PAGE_TRANSLATED_TO function| MSGFUNC_TRANSLATED_TO string| MSG_GENERAL_ERROR string| MSG_LEARN_MORE function| MSGFUNC_POWERED_BY string| MSG_TRANSLATE_PRODUCT_NAME string| MSG_TRANSLATION_IN_PROGRESS function| MSGFUNC_TRANSLATE_PAGE_TO function| MSGFUNC_VIEW_PAGE_IN string| MSG_RESTORE string| MSG_SSL_INFO_LOCAL_FILE string| MSG_SSL_INFO_SECURE_PAGE string| MSG_SSL_INFO_INTRANET_PAGE string| MSG_SELECT_LANGUAGE function| MSGFUNC_TURN_OFF_TRANSLATION function| MSGFUNC_TURN_OFF_FOR string| MSG_ALWAYS_HIDE_AUTO_POPUP_BANNER string| MSG_ORIGINAL_TEXT string| MSG_FILL_SUGGESTION string| MSG_SUBMIT_SUGGESTION string| MSG_SHOW_TRANSLATE_ALL string| MSG_SHOW_RESTORE_ALL string| MSG_SHOW_CANCEL_ALL string| MSG_TRANSLATE_TO_MY_LANGUAGE function| MSGFUNC_TRANSLATE_EVERYTHING_TO string| MSG_SHOW_ORIGINAL_LANGUAGES string| MSG_OPTIONS string| MSG_TURN_OFF_TRANSLATION_FOR_THIS_SITE string| MSG_ALT_SUGGESTION string| MSG_ALT_ACTIVITY_HELPER_TEXT string| MSG_USE_ALTERNATIVES string| MSG_DRAG_TIP string| MSG_CLICK_FOR_ALT string| MSG_DRAG_INSTUCTIONS string| MSG_SUGGESTION_SUBMITTED string| MSG_MANAGE_TRANSLATION_FOR_THIS_SITE string| MSG_ALT_AND_CONTRIBUTE_ACTIVITY_HELPER_TEXT string| MSG_ORIGINAL_TEXT_NO_COLON string| MSG_LANGUAGE_UNSUPPORTED string| MSG_LANGUAGE_TRANSLATE_WIDGET string| MSG_RATE_THIS_TRANSLATION string| MSG_FEEDBACK_USAGE_FOR_IMPROVEMENT string| MSG_FEEDBACK_SATISFIED_LABEL string| MSG_FEEDBACK_DISSATISFIED_LABEL string| MSG_TRANSLATION_NO_COLON function| _exportVersion function| _getCallbackFunction function| _exportMessages function| _loadJs function| _loadCss function| _isNS function| _setupNS object| google object| marqeta object| Plaid object| webpackJsonpPlaid object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_

12 Cookies

Domain/Path Name / Value
app.espresa.com/ Name: csrftoken
Value: 1AtvwN79DsTUwnfnHB6z0JwXiZwiGwNw
.vimeo.com/ Name: __cf_bm
Value: Mu2fcpvUpbGJf5slwtJgO3ZAezk0JBN4tXVSSYZVWoM-1705637652-1-ARxMmiIe/tOF1egNXlN5dOB8L7T2CVqwkRLy2zbRCcsGq57yjTN7eTSQlzv/NNISZ1WU4lLCWTBuJzmt/DlhuiE=
.youtube.com/ Name: YSC
Value: 8tES3YUOAt0
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: g2I_fznLYcM
.espresa.com/ Name: _hjSessionUser_596126
Value: eyJpZCI6IjYwMzg3NzA2LTY1YzMtNTI5ZS04NWIzLWJjZTZkMWRkNzRlNiIsImNyZWF0ZWQiOjE3MDU2Mzc2NTMwMjIsImV4aXN0aW5nIjpmYWxzZX0=
.espresa.com/ Name: _hjIncludedInSessionSample_596126
Value: 0
.espresa.com/ Name: _hjSession_596126
Value: eyJpZCI6IjA0Y2UzZTNkLTg5ODItNDk1My1iM2FkLTBkMWQ3MDZjYWJjZiIsImMiOjE3MDU2Mzc2NTMwMjIsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
m.stripe.com/ Name: m
Value: 2010e470-1e99-4826-8803-94a69b7fbccbbc6108
.app.espresa.com/ Name: __stripe_mid
Value: e2760584-42f9-4072-8318-de3b0a1f96378c123f
.app.espresa.com/ Name: __stripe_sid
Value: c8617195-4cd7-4cfb-97b2-fb41463e6a5e754def
.espresa.com/ Name: sessionid
Value: e1mu7ff8xr85rwafaz0p5cs4yd42pck5
app.espresa.com/ Name: _dd_s
Value: rum=2&id=5366f822-00bc-4d73-8fd9-932bd03a0a0f&created=1705637653066&expire=1705638553066

2 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
network error URL: https://app.espresa.com/api/role
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy object-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com; script-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mxpnl.com js.stripe.com *.hotjar.io *.hotjar.com *.espresa.com espresa.com whatfix.com cdn.whatfix.com *.vimeo.com cdnjs.cloudflare.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.tiktokcdn.com *.tiktok.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com translate.googleapis.com translate-pa.googleapis.com api.lokalise.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com *.smooch.io *.gstatic.com widget-mediator.zopim.com browser.sentry-cdn.com cdn.plaid.com sandbox.plaid.com development.plaid.com 'nonce-LkH5ehXMDf57hP+YDzOpnA=='; default-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' csi.gstatic.com www.gstatic.com www.google-analytics.com cdn.jsdelivr.net sentry.espresa.com *.espresa.com espresa.com *.youtube.com *.qlikcloud.com *.microsoftstream.com *.vimeo.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.ibytedtos.com *.facebook.com *.instagram.com maps.gstatic.com maps.google.com www.googletagmanager.com whatfix.com cdn.whatfix.com js.stripe.com *.hotjar.io *.hotjar.com translate.googleapis.com app.powerbi.com *.qlikcloud.com *.qlik.com *.loom.com *.zdassets.com *.zendesk.com *.smooch.io *.marqeta.com http://widgets-env.marqeta.com/ cdn.plaid.com sandbox.plaid.com development.plaid.com wss://app.espresa.com; connect-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com data: 'self' *.hotjar.io *.hotjar.com *.espresa.com espresa.com ws://*.espresa.com wss://*.espresa.com wss://*.hotjar.com whatfix.com *.ibytedtos.com translate.googleapis.com api.lokalise.com *.us.qlikcloud.com https://eu.backendlessappcontent.com *.zdassets.com *.zendesk.com wss://*.smooch.io csp.withgoogle.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.com production.plaid.com sandbox.plaid.com development.plaid.com; img-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: www.google-analytics.com script.hotjar.com http: https: *.espresa.com espresa.com; base-uri 'none'; style-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'unsafe-inline' 'self' cdnjs.cloudflare.com s16.tiktokcdn.com *.espresa.com espresa.com translate.googleapis.com www.gstatic.com; frame-ancestors http: https: ftp: ftps:; font-src espresa-prod-app-store.s3.amazonaws.com cdn.prod.espresa.com 'self' data: fonts.googleapis.com fonts.gstatic.com www.gstatic.com *.hotjar.com *.espresa.com espresa.com *.hotjar.io
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.espresa.com
browser.sentry-cdn.com
cdn.plaid.com
cdn.prod.espresa.com
js.stripe.com
m.stripe.com
m.stripe.network
player.vimeo.com
q.stripe.com
rum.browser-intake-datadoghq.com
script.hotjar.com
static.hotjar.com
translate.google.com
translate.googleapis.com
vc.hotjar.io
widgets-sandbox.marqeta.com
www.datadoghq-browser-agent.com
www.gstatic.com
www.youtube.com
151.101.128.176
151.101.193.81
162.159.128.61
18.173.225.115
18.173.233.79
18.66.112.79
18.66.248.39
18.66.248.56
18.66.248.61
2600:1f18:24e6:b901:fa01:7221:3063:f681
2600:9000:224a:5c00:19:7d10:bd80:93a1
2a00:1450:4001:806::200a
2a00:1450:4001:80b::200e
2a00:1450:4001:82a::2003
2a00:1450:4001:831::200e
2a04:4e42::729
34.211.160.129
34.214.17.226
52.34.136.107
54.187.119.242
020b4d5e11a9eb1476b97d44c1ac67917dc2184caaf4f3d09f23d7073b3b2157
0415f82664d910e027fa0696d001712648c8c347c51afeaf42ba4dda8d717e13
0a3e677a1295c85f2fcd11375c50518aa50875a9f8f490a172d1836e8f8b5a07
0a8a7c6445eff16e0a3f1d3f771b20f5630c260b5dafd06209b504572d1c6bd0
0c50d00d8470267888c3bbc1e7db5018e6f98148ef8a44d5bde17db5a0dcf589
14dd592e11b348118b490883a60bdaccb4b049c9a8e9f1b79f933d61e3cafd75
19228a5d25317a57df6e4faa04f7a75719d167f10cc7a53cb491713f16c1ced2
1c172793d6c6495b3c0b456ba130f378b37bbb8ed00c01afe3e78a39db4595b4
1d43fc95f84364c007fa49c61fcac91b8c269e477e336a998a4246bff00eda1f
22832a4e8d3de68ac14cccedb599f8a97d036739b8e491b2479e6317c182749c
22b404d34700979e4c9746c855a72f38d926d317ca16336e1e24614664a6ff2e
24103af48b9ee0409c9178cd92eba5dc3cdf0c76827b7c265c4f6f681b4dc176
260d706f70471ad11cff1f2b1a935c27541a247f7b1f2ea07b10cbe06198c5d0
272cb08ecf2c8522966e1b85e037c34b4e2573ba9b214968100acee2851ed916
29bb97518fad77c095e12b38fab4e2d7feaa2f5a4898385a0439dbbef21fbf52
29f4fbefad4b5ec62b509f075a7fe116e9c6471d331c110b9d17c0ad5ec80436
2aa6e1e303225202e848b6613e71c0d9c973b8fa80ca112bc42943fd5cfd9ef4
2c2213b64fbf14d006d891972ff12062a72aea19d4d303d646555c626394bf16
2e3b1d34ac67763ab50652da19305d4b3694c6b6e6bf35f4b98411ce4af646d2
2e53c14484ab45aadeb14a7ae47d92bbaf638f02f78092ae519265d5e724cb20
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
396c4ad3d6c4a78e47b29a1d8e526bc83a72b61ead1b14b297752af2e8ab1005
3cebd726b15ac83386e3bdb458dde178fbf2ad79a94bc63c3f4918119da77c8b
3e8d479b61e09797aa910a2de2d84cb0bdd8d1e26acd061ec713082ddd57839a
3f81a19995a675cf01b6b3f8191ebd840fb17b6623f4da7ef897a0de3eaf9fec
40ced4e99411a77f3b98712e1b340a28ba33160eca965a8453eb07984220a02d
430f384b0fc496d9650c747cca458a7eae062530c718aa7a896d99031fbbae8d
444611bad2c8c4639ee043176072752fa3bf673968c86e27cde0f5d36875ccd5
486c67592731a0b36a89dba1fd0b97aeb73f236bbf60dbf28d7c6b5723c07989
4d4fa78c606eed3d43adf2a0381107ee408ab25ed412f50dce965a79434d1a2f
4e51d02143c50e29b2ccc65fe243676f49aa2370f9a1d94e6d675941bd2b95a5
4ec3b0c61c05f634d980caa7b68751a65bf6fcaa03ffe807014782b701a97022
52b0b887f026a3cd708f098eecb1a87f0fd8f5e8f6aa6b63bee1f419a8abad33
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5bdaa2d2fac01a05dee8737ec7b70ad184651961d3a3998c1efa7cf147ae1ba1
5c0cb07ac75e2a1911086758d4af52caffe90755f367517226e64e1cfd2041af
5f76f83f75befd2e33f03cf321c125633b076b17bd5725f2090d30175b995a57
6ba797956f6d29b650d458897e48a190cddf0a6ba374350c0bb565fa04f80d65
7049fe681fcb9ab0b698cb386df97d09c06604016d36f6ee0888abe9aa566cdb
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7c78e67625aafdbe6f857e60b79610ea4e2495c0fa43ee781d0fc79f3d70164c
7d6fdb61164573916c572333cbda31efc42942e21e0b75cdf12c814bcd5fe6ac
7dc0a51c32dae143f2eade235145dfd6a7756388c0f0bf409fa373dd6c233629
7efeafa401ae9c786c88f82562069b78a494115b616a5425e88fdf31fe2a6c47
7fa240fc9071498bf4a0d15f5e312adf6929001628936804d6e66b54ead22bc3
85c197f7063e01850d5ca907a00838e565e17958be72f64da8c20b9a599c619c
8791270626b8a4fed6d34bc6cc2b10b5a682ce66d8b5016ed60fe711b5d2d016
88973ad5cefa421a85874182a1c273f8bdcdf6ab17a78e5894e72c6f5231ce55
8971fe0a892f03a0f0ba568b545194578eaf62dcafabc254e2677c7af64200c3
8dc6d8334046ed660393ae24a884e2a952271ff05eadc686f252f54f20633f76
91dd61cff58efd54434d6bbea42fe6c0eed1af42968e9c592fb516736395c22a
93f5c7d2340d52a0817cd821cdf0fb03bd9336f142b6921187df087bd5ef302d
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
9565c2844335c6d78993d7d037fd6a93b722ca0bfe0b1094e32e2f792238c29f
96ccf2c5d172f48edbcfb950175b50ffd3deb1c4bf9a14479fc9524631f561e6
99a1f89d54f46e1897a07f69de9140bd6ea8146b665fa26052da6075626b061d
a0f269daad17a727b9c6ade97e0895d4359a95b76e5ea65d5b8c628dbe472512
a7f376d187614b8774414b045caea55331a22f21bc9a22e78f2ac67a73f0f8e2
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
ab63704a79519f09815b1693aa7bc0221234d9049cb40f5ab110fd3221caec49
b2406877e0bfc562124770517fd4b8ad76c81e0d8bb172ab8b130dbe0f7cd18d
b50388552d0e7e936b83cf21a2633f39215e57cb044e5c5f4e8028059bcecb2d
b727d65b62ed250348fa5dc5d21eb10d5fe28fa31f9fc97048a1d63ac9848173
b9ab167fb4bf6ab63b9f20538f2a3ed1d5668ee7eef1ad6f0cda7441d752b5d6
ba21ba960dba9a5eb9b06e2248e6134f915102e89a94f0eb560368645a6e9a65
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
bf63c4491140de87027557a7c15c741f65c83d98274347b105a06a20e05ce78d
c22fe8c70c36f1d862903b772eaed864d3a8fa849473c9caff224fdb852428e4
c34f2aef7baa04ca110899ca685207323346266b7740deaa1f077aafb75ee4cb
c35ba42e1dcbca7027adf7a7ba1b3b65f9ed37ef580c6063af06afb4257b8288
c3efdbe3b5dc306b14ed939f54b6a286c5e851bfeb3a14c4aa54b788b5dda4d6
c44cf84e3ecde30b60aae7f3c71e97daab38da884b88fb1b7cafd9f45a4b854f
cbcfa062bb4ebadff034e84427512a1452e4a5303fccdd67abe84d402511b4c0
cca95184a5b43a18e52c39192baf2371518daa621ebd1a8b13af75c50de084cc
cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a
cdbad18a20f9469c18994cc59e4d3808e092691f3f7a67b319581a06aa93a999
d12543ca3ea45141d6dddb3bca50f46a0c3edaf58099638d1f726cd3ff277440
d52f6e6e7ca73faa26ddf6cdab153dfd9a52eada8fac8be009663682a24af5b5
d68c260921ca779765e8b69c29b8932c5e63e6240108795909d137464f893edf
d8a3498b987a36d13115fc555204f13000a6872b74c84dadcf6d0888f34b36bd
d917660c3d6f7aad32ebc4b0012c6d0bb84a13e201a012e334bcca4b9f4686c9
d98448b1dc9204f84ffad52fcab6cdce0029ebc143a1d7b7d2ef1e3fa5401289
d9eef3861f5cedfb286eb1e52ded1f813bacf11082ddcfc23e7c896164b08039
dc6ffe00ea357a0f8ce9d0104243cd52ed4a09e4c4594d27dbe5b44c3af92c4d
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e16611e05a9499192e8b5558c09b1d404c5c26d8a2bc70ae7d1ffa6dc8e922
e4bd11692e04ce20e8db6d96249a94dc2ccf02c49c3d8409c44396d641e52a72
e6e797fdd37f20f47b0150c3287d7cc0745533bc839426ae0d47532fd2703be5
e8c8832e7a212e23d0ca3daa18978064d942793208ee9fc8adfefec05ca28d87
f3621849caf2c66e663494dd6e82357f1e380949f7dc6da53360e8aa1fb36f06
f53d5fd2b3769b28325693a7dd6804fb5209b9bf843096d6b116dab97d12091d
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f913921ac2e4d43fcb79e8f87d3c69df3a8c3c9a5ded30d8610b4f3ca6063d3a
f99137cbbb0f549bbd54094c3e1ac1203221bd5919cdc827503af8ee90879c8e
fd307dcf8edd5e6d4ff28cbdda1d80390a17a871ff7786f4163a417fc3a8db54
fefcdd22d0812d88323988c3b4dd173b15177bd251bfdd19095aed6a29848e93