urlscan.io logo urlscan.io
SecurityTrails logo

cardware-admin-staging1.herokuapp.com Open in urlscan Pro
3.210.62.191  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://tsicapp.com/
Effective URL: https://cardware-admin-staging1.herokuapp.com/
Submission: On December 13 via api from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 16 HTTP transactions. The main IP is 3.210.62.191, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is cardware-admin-staging1.herokuapp.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on June 15th 2020. Valid for: a year.
This is the only time cardware-admin-staging1.herokuapp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 184.168.131.241 26496 (AS-26496-...)
16 3.210.62.191 14618 (AMAZON-AES)
16 2
Apex Domain
Subdomains		 Transfer
16 herokuapp.com
cardware-admin-staging1.herokuapp.com
2 MB
1 tsicapp.com
tsicapp.com
238 B
16 2
Domain Requested by
16 cardware-admin-staging1.herokuapp.com cardware-admin-staging1.herokuapp.com
1 tsicapp.com 1 redirects
16 2

This site contains links to these domains. Also see Links.

Domain
google.com
Subject Issuer Validity Valid
*.herokuapp.com
DigiCert SHA2 High Assurance Server CA		 2020-06-15 -
2021-07-07		 a year crt.sh

This page contains 1 frames:

Primary Page: https://cardware-admin-staging1.herokuapp.com/
Frame ID: 5B2D62DA1AF58713478B56D8B5663C8D
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://tsicapp.com/ HTTP 301
    https://cardware-admin-staging1.herokuapp.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^Cowboy$/i
Overall confidence: 100%
Detected patterns
  • headers server /^Cowboy$/i

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1619 kB
Transfer

4837 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tsicapp.com/ HTTP 301
    https://cardware-admin-staging1.herokuapp.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
cardware-admin-staging1.herokuapp.com/
Redirect Chain
  • http://tsicapp.com/
  • https://cardware-admin-staging1.herokuapp.com/
3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Next.js
Resource Hash
ae34eb06bc6c1633e7a565062ccb02dac9731111238fa8cd212a0face64ac3d3
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Host
cardware-admin-staging1.herokuapp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
Cowboy
Connection
keep-alive
X-Powered-By
Next.js
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Feature-Policy
*
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Access-Control-Allow-Headers
Content-Type
Set-Cookie
redirectedAuthState=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT redirectedAuthState=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT redirectedAuthState=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT redirectedAuthState=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Etag
"c98-icyAHXAtGdgvgNV+wG1LF1gUcGE"
Content-Type
text/html; charset=utf-8
Content-Length
3224
Date
Sun, 13 Dec 2020 03:56:49 GMT
Via
1.1 vegur

Redirect headers

Server
nginx/1.16.1
Date
Sun, 13 Dec 2020 03:56:48 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
close
Location
https://cardware-admin-staging1.herokuapp.com/
commons.6cc1840d.chunk.css
cardware-admin-staging1.herokuapp.com/_next/static/css/ 		110 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/css/commons.6cc1840d.chunk.css
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
16c44cf9f5d7520300566994c2cf772c8d774a475c7ce5337558a78dcb36ad85
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"1b735-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=0
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
styles.ef8328af.chunk.css
cardware-admin-staging1.herokuapp.com/_next/static/css/ 		281 KB
58 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/css/styles.ef8328af.chunk.css
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
433f216d2f633ec17cc0cb1037c4e36bcaa186ea80da9da9d70fef44be6a82f7
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"4652e-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=0
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
organizations.js
cardware-admin-staging1.herokuapp.com/_next/static/VTQjK9uqyGCfY9tdVrcW6/pages/ 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/VTQjK9uqyGCfY9tdVrcW6/pages/organizations.js
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
aa9bf70377d57751c333b29f93ec4da5552be1cd9e6e44346442ecc203ec9c4d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"994f-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
_app.js
cardware-admin-staging1.herokuapp.com/_next/static/VTQjK9uqyGCfY9tdVrcW6/pages/ 		541 KB
151 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/VTQjK9uqyGCfY9tdVrcW6/pages/_app.js
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
283050cba51d9411210feef5895e198b6b326824d526eab7c516a97772a211b4
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"8723a-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
webpack-0087a1342f16cea07488.js
cardware-admin-staging1.herokuapp.com/_next/static/runtime/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/runtime/webpack-0087a1342f16cea07488.js
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
08ba647f16181aeb74715f63115d7f4455d9d36f3e82f2cd3016b864bbe6f373
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"927-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
commons.8544bde9970829c917c7.js
cardware-admin-staging1.herokuapp.com/_next/static/chunks/ 		3 MB
938 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/chunks/commons.8544bde9970829c917c7.js
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
5e81c43c75a8e7344df030fd94d240a11dec16c0c8d03d3417c94d28d2435985
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"31dae6-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
styles.a6a012fb60c358ec28f5.js
cardware-admin-staging1.herokuapp.com/_next/static/chunks/ 		396 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/chunks/styles.a6a012fb60c358ec28f5.js
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
0d4528b30fee6cf13aba44d45bd1b2bb9a025f812542dfabe2004f2c9e41b7c6
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Powered-By
Express
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Content-Length
396
Etag
W/"18c-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
main-41efa0b0db5c44254055.js
cardware-admin-staging1.herokuapp.com/_next/static/runtime/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/runtime/main-41efa0b0db5c44254055.js
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
620f36524f2619620b6d5c2730a9134eedb86dd93eede62b91cc438e1366b087
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"36b5-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
redactor.min.css
cardware-admin-staging1.herokuapp.com/static/redactor/ 		42 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/static/redactor/redactor.min.css
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
35f0945e8b89a339eaf13026cb1bf44d38e9a4de039c6cad0c3a6fc2dc5c874f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"a6a2-1764be27120"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:01:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=0
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
redactor.min.js
cardware-admin-staging1.herokuapp.com/static/redactor/ 		259 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/static/redactor/redactor.min.js
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
4353181dcd21b7c51cdb779f36107d7b5112a4b445e1861ea0a3808549bcc542
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"40a80-1764be27120"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:01:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:49 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=0
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
login.js
cardware-admin-staging1.herokuapp.com/_next/static/VTQjK9uqyGCfY9tdVrcW6/pages/ 		28 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/VTQjK9uqyGCfY9tdVrcW6/pages/login.js
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/_next/static/runtime/main-41efa0b0db5c44254055.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
6900312b2ae10c789dd9b990fd093fcc8a56afa56f30826e193b420e2bccc7fb
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
X-Powered-By
Express
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Etag
W/"6fc1-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Date
Sun, 13 Dec 2020 03:56:50 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Via
1.1 vegur
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
cxl_bg-3b1d2e994ff3794a626b24f285c17230.jpg
cardware-admin-staging1.herokuapp.com/_next/static/images/ 		250 KB
250 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/images/cxl_bg-3b1d2e994ff3794a626b24f285c17230.jpg
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
0c40874743d2321a6118f0fddbd3e244edbdada05925b45263e4d49aae0b592b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Powered-By
Express
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Content-Length
255615
Etag
W/"3e67f-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
Date
Sun, 13 Dec 2020 03:56:50 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9afb6cc351e28d8f03ff6189363febe6ab4bd29cd041acc6249c72fff798e060

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
ibmplexsans-extralight-webfont-2b4b256f9371d2c6330923d775d36f9e.woff2
cardware-admin-staging1.herokuapp.com/_next/static/chunks/fonts/ 		25 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/chunks/fonts/ibmplexsans-extralight-webfont-2b4b256f9371d2c6330923d775d36f9e.woff2
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/_next/static/css/styles.ef8328af.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
1c54285f68ca9cca3e8e0b8509b653c8bf6218b6d55c2b5f4bb454442af54787
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://cardware-admin-staging1.herokuapp.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Powered-By
Express
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Content-Length
25372
Etag
W/"631c-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
Date
Sun, 13 Dec 2020 03:56:50 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
ibmplexsans-light-webfont-5afb457b7eca0fb0be43f51f251bd852.woff2
cardware-admin-staging1.herokuapp.com/_next/static/chunks/fonts/ 		25 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/chunks/fonts/ibmplexsans-light-webfont-5afb457b7eca0fb0be43f51f251bd852.woff2
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/_next/static/css/styles.ef8328af.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
6021efea5ae6fbcf5dd6ece7e5a5f9e0f03c5e49b47249836de5ac34b8bdc68f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://cardware-admin-staging1.herokuapp.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Powered-By
Express
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Content-Length
25416
Etag
W/"6348-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
Date
Sun, 13 Dec 2020 03:56:50 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
ibmplexsans-medium-webfont-8bff50dd2e0d64f2446c4bb648447d96.woff2
cardware-admin-staging1.herokuapp.com/_next/static/chunks/fonts/ 		26 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cardware-admin-staging1.herokuapp.com/_next/static/chunks/fonts/ibmplexsans-medium-webfont-8bff50dd2e0d64f2446c4bb648447d96.woff2
Requested by
Host: cardware-admin-staging1.herokuapp.com
URL: https://cardware-admin-staging1.herokuapp.com/_next/static/css/styles.ef8328af.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.62.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-62-191.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
c667bf0f84d27a84a3ab9a4a441ec9d0094c94d7d03cb9e5daa3e351bda21c6f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://cardware-admin-staging1.herokuapp.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Powered-By
Express
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Connection
keep-alive
Content-Length
26948
Etag
W/"6944-1764be70500"
Referrer-Policy
no-referrer
Last-Modified
Thu, 10 Dec 2020 09:06:40 GMT
Server
Cowboy
Date
Sun, 13 Dec 2020 03:56:50 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, immutable
Feature-Policy
*
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $R function| Redactor object| webpackJsonp object| __NEXT_P object| __core-js_shared__ object| regeneratorRuntime object| __NEXT_DATA__ function| _ object| core function| setImmediate function| clearImmediate function| __NEXT_PRELOADREADY object| __SECRET_EMOTION__ object| __$$GLOBAL_REWIRE_REGISTRY__ function| __rewire_reset_all__ number| __$$GLOBAL_REWIRE_NEXT_MODULE_ID__ object| Base64 object| next object| __NEXT_REDUX_STORE__

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: blob: https://d17a06j7epy7q2.cloudfront.net:* http://cardware-api-staging1.herokuapp.com:* https://storage.googleapis.com:* youtube.com:*; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN