urlscan.io logo urlscan.io
SecurityTrails logo

app.guestoo.de Open in urlscan Pro
2a01:4f8:1c0c:819a::1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://app.guestoo.de/
Effective URL: https://app.guestoo.de/auth/
Submission: On June 13 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 23 HTTP transactions. The main IP is 2a01:4f8:1c0c:819a::1, located in Gunzenhausen, Germany and belongs to HETZNER-AS, DE. The main domain is app.guestoo.de.
TLS certificate: Issued by R3 on May 28th 2024. Valid for: 3 months.
This is the only time app.guestoo.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 29 2a01:4f8:1c0c... 24940 (HETZNER-AS)
23 1
Apex Domain
Subdomains		 Transfer
29 guestoo.de
app.guestoo.de
3 MB
23 1
Domain Requested by
29 app.guestoo.de 6 redirects app.guestoo.de
23 1

This site contains links to these domains. Also see Links.

Domain
www.guestoo.de
Subject Issuer Validity Valid
app.guestoo.de
R3		 2024-05-28 -
2024-08-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://app.guestoo.de/auth/
Frame ID: 5A2C0CF50E0465758053E8445E93D714
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login | Guestoo • Gästemanagement einfach!

Page URL History Show full URLs

  1. https://app.guestoo.de/ Page URL
  2. https://app.guestoo.de/dashboard/login HTTP 302
    https://app.guestoo.de/login HTTP 302
    https://app.guestoo.de/auth/oauth/authorize?client_id=codepiraten&redirect_uri=https://app.guestoo.... HTTP 302
    https://app.guestoo.de/auth/ Page URL

Page Statistics

23
Requests

96 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

3524 kB
Transfer

17429 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://app.guestoo.de/ Page URL
  2. https://app.guestoo.de/dashboard/login HTTP 302
    https://app.guestoo.de/login HTTP 302
    https://app.guestoo.de/auth/oauth/authorize?client_id=codepiraten&redirect_uri=https://app.guestoo.de/login&response_type=code&scope=openid&state=HigluY HTTP 302
    https://app.guestoo.de/auth/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://app.guestoo.de/proxy/userDetails?t=1718256998561 HTTP 302
  • https://app.guestoo.de/logout HTTP 302
  • https://app.guestoo.de/auth/logout HTTP 302
  • https://app.guestoo.de/auth/

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
app.guestoo.de/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
b92c53012bf295d0dcf627941b0b498a309fc816fa843fabf9294d02b19d3611
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options deny
X-Xss-Protection 1 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Language
de-DE
Content-Length
1181
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Content-Type
text/html;charset=UTF-8
Date
Thu, 13 Jun 2024 05:36:37 GMT
Expires
0
Keep-Alive
timeout=5, max=100
Permissions-Policy
microphone=(), geolocation=()
Pragma
no-cache
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000 ; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff nosniff
X-Frame-Options
deny
X-XSS-Protection
1 1; mode=block
vendor.cfacc0f49ffe64f3c6ac.min.css
app.guestoo.de/app/ 		344 KB
43 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/vendor.cfacc0f49ffe64f3c6ac.min.css
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
42e43be2029d5cd85343c5caf332b93e68e1e5ee99a3b961b370fae8d1987862
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:37 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
43809
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"5611b-61ab84a98f089-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
text/css
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
default.cfacc0f49ffe64f3c6ac.min.css
app.guestoo.de/app/ 		608 KB
178 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/default.cfacc0f49ffe64f3c6ac.min.css
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
7bce43090b3539cb898244267a8d2480ec10b9a57fde10ff9894f313a513c9fe
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:37 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"9808f-61ab84a98e0e9-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
text/css
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
vendor.8b3909cee4c21fbf1069.chunk.js
app.guestoo.de/app/ 		4 MB
988 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/vendor.8b3909cee4c21fbf1069.chunk.js
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
c3c843eb505cef3ccf482a4b368e679b5bad151ba3efe1353806272cba8f73d5
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:37 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"436ab0-61ab84a98b209-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
application/javascript
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
default.63c84473ae61bd97ac74.chunk.js
app.guestoo.de/app/ 		4 MB
714 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/default.63c84473ae61bd97ac74.chunk.js
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
1b1f0585da8340e8afb488a8e9eabe5786a7d7a741bb39409b9b68439dc9fedc
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:37 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"3e7131-61ab84a98d149-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
application/javascript
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
fa.28b2e6f42df1f8de59aa.chunk.js
app.guestoo.de/app/ 		1 MB
424 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/fa.28b2e6f42df1f8de59aa.chunk.js
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
a7a85df0007997935e4319ec9f8b7255e32e37a48e46d76559d4aac2f434d881
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:37 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"11e5db-61ab84a98c1a9-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
application/javascript
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
signaturePad.0122fcfe27cfccd98dff.chunk.js
app.guestoo.de/app/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/signaturePad.0122fcfe27cfccd98dff.chunk.js
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
4552c4f8bf02ccc4873fea1a55d74fd71bfef02292976a69816b7b5703160d49
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:37 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
3915
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"2eab-61ab84a98e0e9-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
application/javascript
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
translations
app.guestoo.de/proxy/api/public/ 		122 KB
123 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/proxy/api/public/translations?part=general&language=de&agency=&t=162227416
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/app/vendor.8b3909cee4c21fbf1069.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options deny
X-Xss-Protection 1, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff, nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
Last-Modified
Wed, 12 Jun 2024 13:47:59 GMT
Server
Apache
Referrer-Policy
no-referrer-when-downgrade
CPTranslationVersion
1718200079899
X-Frame-Options
deny
Transfer-Encoding
chunked
Content-Type
application/json
Permissions-Policy
microphone=(), geolocation=()
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
X-XSS-Protection
1, 1; mode=block
translations
app.guestoo.de/proxy/api/public/ 		338 KB
339 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/proxy/api/public/translations?part=admin&language=de&agency=&t=162227416
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/app/vendor.8b3909cee4c21fbf1069.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options deny
X-Xss-Protection 1, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff, nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
Last-Modified
Wed, 12 Jun 2024 13:47:59 GMT
Server
Apache
Referrer-Policy
no-referrer-when-downgrade
CPTranslationVersion
1718200079899
X-Frame-Options
deny
Transfer-Encoding
chunked
Content-Type
application/json
Permissions-Policy
microphone=(), geolocation=()
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
X-XSS-Protection
1, 1; mode=block
translations
app.guestoo.de/proxy/api/public/ 		100 KB
101 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/proxy/api/public/translations?part=general&language=en&agency=&t=162227416
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/app/vendor.8b3909cee4c21fbf1069.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options deny
X-Xss-Protection 1, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff, nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
Last-Modified
Wed, 12 Jun 2024 13:47:59 GMT
Server
Apache
Referrer-Policy
no-referrer-when-downgrade
CPTranslationVersion
1718200079899
X-Frame-Options
deny
Transfer-Encoding
chunked
Content-Type
application/json
Permissions-Policy
microphone=(), geolocation=()
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
X-XSS-Protection
1, 1; mode=block
translations
app.guestoo.de/proxy/api/public/ 		304 KB
305 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/proxy/api/public/translations?part=admin&language=en&agency=&t=162227416
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/app/vendor.8b3909cee4c21fbf1069.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options deny
X-Xss-Protection 1, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff, nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
Last-Modified
Wed, 12 Jun 2024 13:47:59 GMT
Server
Apache
Referrer-Policy
no-referrer-when-downgrade
CPTranslationVersion
1718200079899
X-Frame-Options
deny
Transfer-Encoding
chunked
Content-Type
application/json
Permissions-Policy
microphone=(), geolocation=()
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
X-XSS-Protection
1, 1; mode=block
init
app.guestoo.de/proxy/api/app/ 		3 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/proxy/api/app/init
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/app/vendor.8b3909cee4c21fbf1069.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options deny
X-Xss-Protection 1, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://app.guestoo.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff, nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1, 1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
X-Frame-Options
deny
Content-Type
application/json
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Permissions-Policy
microphone=(), geolocation=()
Keep-Alive
timeout=5, max=99
Expires
0
/
app.guestoo.de/auth/
Redirect Chain
  • https://app.guestoo.de/proxy/userDetails?t=1718256998561
  • https://app.guestoo.de/logout
  • https://app.guestoo.de/auth/logout
  • https://app.guestoo.de/auth/
6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/auth/
Protocol
HTTP/1.1
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options deny, DENY
X-Xss-Protection 1, 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.guestoo.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff, nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
1907
X-XSS-Protection
1, 1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
X-Frame-Options
deny, DENY
Access-Control-Allow-Methods
POST, GET, OPTIONS, DELETE
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Origin
*
Content-Language
de-DE
Access-Control-Max-Age
3600
Cache-Control
no-store
Permissions-Policy
microphone=(), geolocation=()
Vary
Accept-Encoding
Access-Control-Allow-Headers
x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN
Keep-Alive
timeout=5, max=95

Redirect headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff, nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000 ; includeSubDomains
Connection
Keep-Alive
Content-Length
0
X-XSS-Protection
1, 1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
X-Frame-Options
deny, DENY
Access-Control-Allow-Methods
POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin
*
Location
https://app.guestoo.de/auth/
Access-Control-Max-Age
3600
Permissions-Policy
microphone=(), geolocation=()
Access-Control-Allow-Headers
x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN
Keep-Alive
timeout=5, max=96
favicon-32x32.png
app.guestoo.de/img/favicon/ 		2 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/img/favicon/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/dashboard
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
Keep-Alive
Content-Length
2050
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"802-61ab84a992f08"
X-Frame-Options
deny
Content-Type
image/png
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Primary Request /
app.guestoo.de/auth/
Redirect Chain
  • https://app.guestoo.de/dashboard/login
  • https://app.guestoo.de/login
  • https://app.guestoo.de/auth/oauth/authorize?client_id=codepiraten&redirect_uri=https://app.guestoo.de/login&response_type=code&scope=openid&state=HigluY
  • https://app.guestoo.de/auth/
6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/auth/
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/app/default.63c84473ae61bd97ac74.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
22c8a82d02942ffa5d004d2998b7d36ba3e2a0905464e99eb00cbc4cf3d06386
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options deny DENY
X-Xss-Protection 1 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.guestoo.de/dashboard
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Headers
x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN
Access-Control-Allow-Methods
POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3600
Cache-Control
no-store
Connection
Keep-Alive
Content-Encoding
gzip
Content-Language
de-DE
Content-Length
1907
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Content-Type
text/html;charset=UTF-8
Date
Thu, 13 Jun 2024 05:36:38 GMT
Keep-Alive
timeout=5, max=91
Permissions-Policy
microphone=(), geolocation=()
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000 ; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff nosniff
X-Frame-Options
deny DENY
X-XSS-Protection
1 1; mode=block

Redirect headers

Access-Control-Allow-Headers
x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN
Access-Control-Allow-Methods
POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3600
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Date
Thu, 13 Jun 2024 05:36:38 GMT
Keep-Alive
timeout=5, max=92
Location
https://app.guestoo.de/auth/
Permissions-Policy
microphone=(), geolocation=()
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff nosniff
X-Frame-Options
deny DENY
X-XSS-Protection
1 1; mode=block
vendor.cfacc0f49ffe64f3c6ac.min.css
app.guestoo.de/app/ 		344 KB
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/vendor.cfacc0f49ffe64f3c6ac.min.css
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/auth/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
42e43be2029d5cd85343c5caf332b93e68e1e5ee99a3b961b370fae8d1987862
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/auth/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:37 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
43809
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"5611b-61ab84a98f089-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
text/css
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
login.cfacc0f49ffe64f3c6ac.min.css
app.guestoo.de/app/ 		35 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/login.cfacc0f49ffe64f3c6ac.min.css
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/auth/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
38df0ee653a998ee4c93831d9790e54a77969f9df1aa45a40da59a1de20bd671
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/auth/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
7295
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"8c56-61ab84a98e0e9-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
text/css
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=90
logo-300x95.png
app.guestoo.de/img/logos/ 		62 KB
63 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.guestoo.de/img/logos/logo-300x95.png
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/auth/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
0d72c02e1601a9648dac91baac511847451fd2f65c73c0bb1cfef2a17f3c1387
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/auth/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
Keep-Alive
Content-Length
63507
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"f813-61ab84a992f08"
X-Frame-Options
deny
Content-Type
image/png
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
vendor.8b3909cee4c21fbf1069.chunk.js
app.guestoo.de/app/ 		4 MB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/vendor.8b3909cee4c21fbf1069.chunk.js
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/auth/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
c3c843eb505cef3ccf482a4b368e679b5bad151ba3efe1353806272cba8f73d5
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/auth/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:37 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"436ab0-61ab84a98b209-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
application/javascript
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
login.c89b5267616d1aca59f4.chunk.js
app.guestoo.de/app/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/login.c89b5267616d1aca59f4.chunk.js
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/auth/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
4ebe6b338b909dc78fed3b78d651d1f30130b6653df114cc092bddc3e98da1ee
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/auth/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
1870
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"1170-61ab84a98d149-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
application/javascript
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
fa.28b2e6f42df1f8de59aa.chunk.js
app.guestoo.de/app/ 		1 MB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/app/fa.28b2e6f42df1f8de59aa.chunk.js
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/auth/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
a7a85df0007997935e4319ec9f8b7255e32e37a48e46d76559d4aac2f434d881
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/auth/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:37 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"11e5db-61ab84a98c1a9-gzip"
X-Frame-Options
deny
Vary
Accept-Encoding
Content-Type
application/javascript
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
bg-default.jpg
app.guestoo.de/img/defaults/ 		216 KB
216 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.guestoo.de/img/defaults/bg-default.jpg
Requested by
Host: app.guestoo.de
URL: https://app.guestoo.de/auth/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
c2faa391688477d86bceab4d26916580352cde518cef181ca43c9ca568909110
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/auth/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:39 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
Keep-Alive
Content-Length
221035
X-XSS-Protection
1
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"35f6b-61ab84a990fc9"
X-Frame-Options
deny
Content-Type
image/jpeg
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
favicon-32x32.png
app.guestoo.de/img/favicon/ 		2 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://app.guestoo.de/img/favicon/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:4f8:1c0c:819a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
f5bdca0858505c1f4f96d8ba734fdaa9fe7c56a3286a3bd3fb0607942ba4a4c6
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://app.guestoo.de/auth/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 13 Jun 2024 05:36:38 GMT
Content-Security-Policy
script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 12 Jun 2024 21:44:48 GMT
Server
Apache
ETag
"802-61ab84a992f08"
X-Frame-Options
deny
Content-Type
image/png
Permissions-Policy
microphone=(), geolocation=()
Accept-Ranges
bytes
Content-Length
2050
X-XSS-Protection
1

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| webpackJsonp object| validator object| formCheck function| setImmediate function| clearImmediate object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome

4 Cookies

Domain/Path Name / Value
app.guestoo.de/auth Name: JSESSIONID
Value: B33A63117B2DFDA5687F3CC5CAF0A2A5
app.guestoo.de/ Name: JBSESSIONID
Value: 27A0D5CD1E50446CA262693126154AF5
app.guestoo.de/ Name: JSESSIONID
Value: 6C9E672EE8C44B735D9F568B9F37132B
app.guestoo.de/ Name: XSRF-TOKEN
Value: 8103bbfe-d1bb-4230-8d3c-b6c5965f4310

2 Console Messages

Source Level URL
Text
security error URL: https://app.guestoo.de/auth/(Line 18)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com". Either the 'unsafe-inline' keyword, a hash ('sha256-kfaWRiYeZIbTeXmRH/ZoZDgQvAFjyJYJGOXFZ7GQIGo='), or a nonce ('nonce-...') is required to enable inline execution.
recommendation verbose URL: https://app.guestoo.de/auth/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'sha256-g1kdiO4SzgRtNWfEcaNRaqSEFr6qmZBa5Lb0Z+JXils=' https://js.stripe.com; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options deny
X-Xss-Protection 1 1; mode=block