www.sqreen.com Open in urlscan Pro
2a03:b0c0:3:d0::d19:7001 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sqreen.com/checklists/saas-cto-security-checklist
Submission: On May 30 via automatic, source hackernews (May 30th 2019, 8:38:50 pm UTC)

Summary HTTP 117 Redirects Links 107 Behaviour Indicators

Summary

This website contacted 43 IPs in 7 countries across 35 domains to perform 117 HTTP transactions. The main IP is 2a03:b0c0:3:d0::d19:7001, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is www.sqreen.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 5th 2019. Valid for: 3 months.

This is the only time www.sqreen.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	2a03:b0c0:3:d... 2a03:b0c0:3:d0::d19:7001	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1	2606:4700::68... 2606:4700::6813:c697	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6812:e753	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
6	13.35.254.25 13.35.254.25	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.35.253.23 13.35.253.23	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
3	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	99.86.0.85 99.86.0.85	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.35.255.17 13.35.255.17	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2001:4860:480... 2001:4860:4802:32::15	15169 (GOOGLE) (GOOGLE - Google LLC)
18	2a00:f48:2000... 2a00:f48:2000:1023::3	47447 (TTM) (TTM)
1	18.203.78.160 18.203.78.160	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE - Google LLC)
1	52.89.222.195 52.89.222.195	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	13.35.253.127 13.35.253.127	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
10	13.35.253.11 13.35.253.11	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	151.101.36.157 151.101.36.157	54113 (FASTLY) (FASTLY - Fastly)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.35.253.118 13.35.253.118	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81f::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.2.217 151.101.2.217	54113 (FASTLY) (FASTLY - Fastly)
2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE - Google LLC)
5	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
5	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	3.210.113.103 3.210.113.103	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
7 10	18.203.165.119 18.203.165.119	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER - Twitter Inc.)
1 2	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
3 4	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	13.35.253.27 13.35.253.27	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	13.35.253.67 13.35.253.67	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7	54.148.199.253 54.148.199.253	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 3	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	52.5.43.50 52.5.43.50	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	34.224.253.46 34.224.253.46	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	2a00:1288:110... 2a00:1288:110:833::4000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 2	173.241.240.143 173.241.240.143	36089 (OPENX-AS1) (OPENX-AS1 - OPENX TECHNOLOGIES)
1	213.19.162.90 213.19.162.90	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1 1	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	185.33.223.209 185.33.223.209	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
3	13.35.253.116 13.35.253.116	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.35.253.60 13.35.253.60	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
117	43

13 2a03:b0c0:3:d0::d19:7001 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

www.sqreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c697 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e753 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

api.producthunt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.35.254.25 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-254-25.fra6.r.cloudfront.net

d33wubrfki0l68.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.23 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-23.fra6.r.cloudfront.net

assets.sqreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.0.85 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-99-86-0-85.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.255.17 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-255-17.fra6.r.cloudfront.net

cdn.heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::15 (United States)

ASN15169 (GOOGLE - Google LLC, US)

fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:f48:2000:1023::3 (Germany)

ASN47447 (TTM, DE)

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.78.160 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-203-78-160.eu-west-1.compute.amazonaws.com

reports-api.sqreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.194.58 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.89.222.195 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-89-222-195.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.127 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-127.fra6.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.35.253.11 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-11.fra6.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.36.157 (Amsterdam, Netherlands)

ASN54113 (FASTLY - Fastly, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.118 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-118.fra6.r.cloudfront.net

tag.getdrip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.217 (United States)

ASN54113 (FASTLY - Fastly, US)

tag.perfectaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.210.113.103 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-210-113-103.compute-1.amazonaws.com

heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 18.203.165.119 (Dublin, Ireland) 7 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-203-165-119.eu-west-1.compute.amazonaws.com

pixel-geo.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9d (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.27 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-27.fra6.r.cloudfront.net

api.getdrip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.253.67 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-67.fra6.r.cloudfront.net

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 54.148.199.253 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-199-253.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:f500:11:101::b93f:9005 (Ireland) 2 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.5.43.50 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-5-43-50.compute-1.amazonaws.com

cs.marinsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.224.253.46 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-224-253-46.compute-1.amazonaws.com

pixel.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.195 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:833::4000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.241.240.143 (Amsterdam, Netherlands) 1 redirects

ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
PTR: ox-173-241-240-143.xa.dc.openx.org

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.162.90 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.2 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s20-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.209 (Netherlands) 1 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 314.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.35.253.116 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-116.fra6.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.60 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-60.fra6.r.cloudfront.net

static.intercomassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	sumo.com load.sumo.com sumo.com	637 KB
15	sqreen.com www.sqreen.com assets.sqreen.com reports-api.sqreen.com	477 KB
13	intercomcdn.com js.intercomcdn.com	476 KB
11	prfct.co 7 redirects pixel-geo.prfct.co pixel.prfct.co	5 KB
6	facebook.com www.facebook.com	768 B
6	cloudfront.net d33wubrfki0l68.cloudfront.net	54 KB
5	doubleclick.net 4 redirects googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	2 KB
5	google-analytics.com www.google-analytics.com	18 KB
5	facebook.net connect.facebook.net	134 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com	1 KB
4	google.de www.google.de	439 B
4	google.com 3 redirects www.google.com	960 B
3	intercom.io 1 redirects widget.intercom.io api-iam.intercom.io	4 KB
3	googleapis.com fonts.googleapis.com	3 KB
2	adnxs.com 1 redirects secure.adnxs.com	2 KB
2	openx.net 1 redirects us-u.openx.net	587 B
2	twitter.com analytics.twitter.com	518 B
2	googleadservices.com www.googleadservices.com	10 KB
2	getdrip.com tag.getdrip.com api.getdrip.com	34 KB
2	fullstory.com fullstory.com rs.fullstory.com	61 KB
2	heapanalytics.com cdn.heapanalytics.com heapanalytics.com	27 KB
2	jquery.com code.jquery.com	97 KB
1	intercomassets.com static.intercomassets.com	7 KB
1	rubiconproject.com pixel.rubiconproject.com	371 B
1	yahoo.com ads.yahoo.com	341 B
1	marinsm.com 1 redirects cs.marinsm.com	242 B
1	t.co t.co	173 B
1	perfectaudience.com tag.perfectaudience.com	5 KB
1	googletagmanager.com www.googletagmanager.com	19 KB
1	licdn.com snap.licdn.com	5 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	segment.io api.segment.io	142 B
1	segment.com cdn.segment.com	62 KB
1	producthunt.com api.producthunt.com	1 KB
1	cloudflare.com cdnjs.cloudflare.com	3 KB
117	35

	Domain	Requested by
18	load.sumo.com	www.sqreen.com load.sumo.com
13	js.intercomcdn.com	www.sqreen.com js.intercomcdn.com
13	www.sqreen.com	www.sqreen.com
10	pixel-geo.prfct.co	7 redirects www.sqreen.com
7	sumo.com	load.sumo.com
6	www.facebook.com	www.sqreen.com
6	d33wubrfki0l68.cloudfront.net	www.sqreen.com
5	www.google-analytics.com	cdn.segment.com www.google-analytics.com www.sqreen.com
5	connect.facebook.net	cdn.segment.com connect.facebook.net
4	www.google.de	www.sqreen.com
4	www.google.com	3 redirects www.sqreen.com
3	px.ads.linkedin.com	2 redirects
3	fonts.googleapis.com	www.sqreen.com load.sumo.com
2	secure.adnxs.com	1 redirects
2	us-u.openx.net	1 redirects
2	analytics.twitter.com	static.ads-twitter.com
2	api-iam.intercom.io	js.intercomcdn.com
2	stats.g.doubleclick.net	2 redirects
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	www.googleadservices.com	cdn.segment.com www.googleadservices.com
2	code.jquery.com	www.sqreen.com
1	static.intercomassets.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com
1	ads.yahoo.com
1	pixel.prfct.co
1	cs.marinsm.com	1 redirects
1	www.linkedin.com	1 redirects
1	api.getdrip.com	tag.getdrip.com
1	t.co	www.sqreen.com
1	heapanalytics.com	www.sqreen.com
1	tag.perfectaudience.com	cdn.segment.com
1	www.googletagmanager.com	cdn.segment.com
1	tag.getdrip.com	cdn.segment.com
1	snap.licdn.com	cdn.segment.com
1	static.ads-twitter.com	cdn.segment.com
1	widget.intercom.io	1 redirects
1	api.segment.io	cdn.segment.com
1	rs.fullstory.com	fullstory.com
1	reports-api.sqreen.com	www.sqreen.com
1	fullstory.com	www.sqreen.com
1	cdn.heapanalytics.com	www.sqreen.com
1	cdn.segment.com	www.sqreen.com
1	assets.sqreen.com	www.sqreen.com
1	api.producthunt.com	www.sqreen.com
1	cdnjs.cloudflare.com	www.sqreen.com
117	46

This site contains links to these domains. Also see Links.

Domain
docs.sqreen.com
blog.sqreen.com
my.sqreen.com
www.producthunt.com
www.facebook.com
twitter.com
www.linkedin.com
www.secureworks.com
resources.infosecinstitute.com
sudo.pagerduty.com
www.cnet.com
support.apple.com
wiki.archlinux.org
support.microsoft.com
github.com
www.rippling.com
medium.com
www.darkreading.com
www.stormshield.com
www.microsoft.com
en.wikipedia.org
support.google.com
get.slack.help
www.yubico.com
www.dashlane.com
lastpass.com
onelogin.com
www.owasp.org
www.infosecurity-magazine.com
www.digitalocean.com
www.vaultproject.io
nacl.cr.yp.to
safecode.org
techbeacon.com
www.softwaretestinghelp.com
sqreen.com
snyk.io
www8.hp.com
aws.amazon.com
www.loggly.com
www.elastic.co
www.ssllabs.com
docs.aws.amazon.com
spacewalkproject.github.io
cloud.google.com
intruder.io
www.tenable.com
letsencrypt.org
www.cloudflare.com
newrelic.com
www.sysdig.com
hbr.org
www.enterpriseready.io
securitycultureframework.net
i.blackhat.com
magoo.github.io
www.airbnb.com
www.apple.com
zeltser.com
security.openstack.org
www.amazon.com
blog.trailofbits.com
codex.wordpress.org
ayeks.de
www.yeswehack.com
hackerone.com
cobalt.io
www.ispartnersllc.com
www.icann.org
www.eurodns.com
auth0.com
www.okta.com
www.digicert.com
castle.io
changelog.sqreen.com
sqreen.status.io

Subject Issuer	Validity	Valid
myheaders.sqreen.io Let's Encrypt Authority X3	`2019-05-05` - `2019-08-03`	3 months	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-02` - `2019-09-08`	6 months	crt.sh
ssl400516.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-04-13` - `2019-10-20`	6 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2018-10-08` - `2019-10-09`	a year	crt.sh
assets.sqreen.com Amazon	`2019-03-25` - `2020-04-25`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-05-07` - `2019-07-30`	3 months	crt.sh
*.segment.com DigiCert SHA2 Secure Server CA	`2018-05-08` - `2019-07-18`	a year	crt.sh
cdn.heapanalytics.com Amazon	`2018-11-20` - `2019-12-20`	a year	crt.sh
*.fullstory.com COMODO RSA Domain Validation Secure Server CA	`2017-12-27` - `2021-03-26`	3 years	crt.sh
*.sumo.com Go Daddy Secure Certificate Authority - G2	`2018-11-17` - `2020-01-16`	a year	crt.sh
reports-api.sqreen.com Amazon	`2019-02-12` - `2020-03-12`	a year	crt.sh
*.segment.io DigiCert SHA2 Secure Server CA	`2018-05-10` - `2019-07-26`	a year	crt.sh
*.intercomcdn.com Amazon	`2019-04-27` - `2020-05-27`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2018-08-16` - `2019-08-21`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.getdrip.com Amazon	`2019-04-25` - `2020-05-25`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-05-07` - `2019-07-30`	3 months	crt.sh
b2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-30` - `2019-09-07`	3 months	crt.sh
www.googleadservices.com Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-04-22` - `2019-07-21`	3 months	crt.sh
heapanalytics.com Amazon	`2019-02-20` - `2020-03-20`	a year	crt.sh
*.prfct.co DigiCert SHA2 Secure Server CA	`2016-09-09` - `2019-09-26`	3 years	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2019-03-07` - `2020-03-07`	a year	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
www.google.de Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
www.google.com Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
*.intercom.com Amazon	`2018-07-09` - `2019-08-09`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-01-28` - `2020-01-28`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-01-03` - `2019-07-02`	6 months	crt.sh
*.openx.net DigiCert ECC Secure Server CA	`2019-02-08` - `2020-05-12`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
intercomassets.com Amazon	`2018-10-11` - `2019-11-11`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.sqreen.com/checklists/saas-cto-security-checklist
Frame ID: 7E9FAB38E807A1A8EB482F1AE72F3D47
Requests: 105 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame.e8bd5f6e.js
Frame ID: 0AA46D97A9D1F476DA54FBC67F0D907C
Requests: 10 HTTP requests in this frame

Frame: https://js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff
Frame ID: 0C727159860E5A5A7A265FD360B0A677
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/images/dismiss.249568e7.png
Frame ID: D2E4DF9F91345DB6FC9563CA376DBCC6
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Netlify (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /Netlify/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

Heap (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /heap-\d+.js/i
env /^heap$/i

Intercom (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^Intercom$/i

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<script[\s\S]*cdn\.segment\.com\/analytics.js[\s\S]*script>/i
script /cdn\.segment\.com\/analytics\.js/i
env /^analytics$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

117
Requests

100 %
HTTPS

38 %
IPv6

35
Domains

46
Subdomains

43
IPs

7
Countries

2142 kB
Transfer

8545 kB
Size

11
Cookies

107 Outgoing links

These are links going to different origins than the main page.

URL: https://docs.sqreen.com/
Title: Docs

Search URL Search Domain Scan URL

URL: https://blog.sqreen.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://my.sqreen.com/login
Title: Log in

Search URL Search Domain Scan URL

URL: https://my.sqreen.com/signup
Title: SIGN UP

Search URL Search Domain Scan URL

URL: https://www.producthunt.com/posts/saas-cto-security-checklist-2nd-edition?utm_source=badge-featured&utm_medium=badge&utm_souce=badge-saas-cto-security-checklist-2nd-edition

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist.html
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist.html&text=SaaS+CTO+Security+Checklist+%7C+Sqreen&via=SqreenIO&related=SqreenIO
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist.html
Title:

Search URL Search Domain Scan URL

URL: https://www.secureworks.com/blog/cybersecurity-awareness-training-best-practices
Title: https://www.secureworks.com/blog/cybersecurity-awareness-training-best-practices

Search URL Search Domain Scan URL

URL: https://resources.infosecinstitute.com/top-10-security-awareness-training-topics-for-your-employees/
Title: https://resources.infosecinstitute.com/top-10-security-awareness-training-topics-for-your-employees/

Search URL Search Domain Scan URL

URL: https://sudo.pagerduty.com/
Title: https://sudo.pagerduty.com/

Search URL Search Domain Scan URL

URL: https://www.cnet.com/how-to/7-ways-to-lock-your-macbook
Title: https://www.cnet.com/how-to/7-ways-to-lock-your-macbook

Search URL Search Domain Scan URL

URL: https://support.apple.com/en-us/HT204837
Title: https://support.apple.com/en-us/HT204837

Search URL Search Domain Scan URL

URL: https://wiki.archlinux.org/index.php/Dm-crypt
Title: https://wiki.archlinux.org/index.php/Dm-crypt

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/instantanswers/e7d75dd2-29c2-16ac-f03d-20cfdf54202f/turn-on-device-encryption
Title: https://support.microsoft.com/en-us/instantanswers/e7d75dd2-29c2-16ac-f03d-20cfdf54202f/turn-on-device-encryption

Search URL Search Domain Scan URL

URL: https://github.com/92bondstreet/awesome-onboarding
Title: https://github.com/92bondstreet/awesome-onboarding

Search URL Search Domain Scan URL

URL: https://www.rippling.com/
Title: https://www.rippling.com/

Search URL Search Domain Scan URL

URL: https://medium.com/starting-up-security/hiring-the-cso-b737c30e098f
Title: https://medium.com/starting-up-security/hiring-the-cso-b737c30e098f

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/threat-intelligence/the--typical--security-engineer-hiring-myths-and-stereotypes/a/d-id/133334
Title: https://www.darkreading.com/threat-intelligence/the–typical–security-engineer-hiring-myths-and-stereotypes/a/d-id/133334

Search URL Search Domain Scan URL

URL: https://www.stormshield.com/
Title: https://www.stormshield.com/

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/windows/windows-defender/
Title: https://www.microsoft.com/en-us/windows/windows-defender/

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Multi-factor_authentication
Title: https://en.wikipedia.org/wiki/Multi-factor_authentication

Search URL Search Domain Scan URL

URL: https://support.google.com/a/answer/184711
Title: https://support.google.com/a/answer/184711

Search URL Search Domain Scan URL

URL: https://get.slack.help/hc/en-us/articles/212221668-Require-two-factor-authentication-for-your-team
Title: https://get.slack.help/hc/en-us/articles/212221668-Require-two-factor-authentication-for-your-team

Search URL Search Domain Scan URL

URL: https://www.yubico.com/why-yubico/how-yubikey-works/
Title: https://www.yubico.com/why-yubico/how-yubikey-works/

Search URL Search Domain Scan URL

URL: https://www.dashlane.com/
Title: https://www.dashlane.com

Search URL Search Domain Scan URL

URL: https://lastpass.com/
Title: https://lastpass.com

Search URL Search Domain Scan URL

URL: https://onelogin.com/
Title: https://onelogin.com

Search URL Search Domain Scan URL

URL: https://support.apple.com/en-us/HT204085
Title: https://support.apple.com/en-us/HT204085

Search URL Search Domain Scan URL

URL: https://support.google.com/a/answer/6087519
Title: https://support.google.com/a/answer/6087519

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Systems_development_life_cycle
Title: https://en.wikipedia.org/wiki/Systems_development_life_cycle

Search URL Search Domain Scan URL

URL: https://github.com/devsecops/awesome-devsecops
Title: https://github.com/devsecops/awesome-devsecops

Search URL Search Domain Scan URL

URL: https://www.owasp.org/index.php/Top_10-2017_Top_10
Title: https://www.owasp.org/index.php/Top_10-2017_Top_10

Search URL Search Domain Scan URL

URL: https://www.infosecurity-magazine.com/opinions/comment-tips-for-private-key-management/
Title: https://www.infosecurity-magazine.com/opinions/comment-tips-for-private-key-management/

Search URL Search Domain Scan URL

URL: https://www.digitalocean.com/community/tutorials/an-introduction-to-managing-secrets-safely-with-version-control-systems
Title: https://www.digitalocean.com/community/tutorials/an-introduction-to-managing-secrets-safely-with-version-control-systems

Search URL Search Domain Scan URL

URL: https://www.vaultproject.io/
Title: https://www.vaultproject.io/

Search URL Search Domain Scan URL

URL: https://nacl.cr.yp.to/
Title: https://nacl.cr.yp.to/

Search URL Search Domain Scan URL

URL: https://safecode.org/
Title: https://safecode.org

Search URL Search Domain Scan URL

URL: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Title: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Search URL Search Domain Scan URL

URL: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
Title: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

Search URL Search Domain Scan URL

URL: https://www.owasp.org/index.php/Source_Code_Analysis_Tools
Title: https://www.owasp.org/index.php/Source_Code_Analysis_Tools

Search URL Search Domain Scan URL

URL: https://docs.sqreen.com/security-automation/introduction-playbooks/
Title: https://docs.sqreen.com/security-automation/introduction-playbooks/

Search URL Search Domain Scan URL

URL: https://techbeacon.com/enterprise-it/how-lock-down-your-serverless-apps-five-steps
Title: https://techbeacon.com/enterprise-it/how-lock-down-your-serverless-apps-five-steps

Search URL Search Domain Scan URL

URL: https://www.softwaretestinghelp.com/penetration-testing-guide/
Title: https://www.softwaretestinghelp.com/penetration-testing-guide/

Search URL Search Domain Scan URL

URL: https://blog.sqreen.com/leverage-pentest/
Title: https://blog.sqreen.com/leverage-pentest/

Search URL Search Domain Scan URL

URL: https://sqreen.com/
Title: https://sqreen.com/

Search URL Search Domain Scan URL

URL: https://snyk.io/
Title: https://snyk.io/

Search URL Search Domain Scan URL

URL: http://www8.hp.com/us/en/software-solutions/appdefender-application-self-protection/
Title: http://www8.hp.com/us/en/software-solutions/appdefender-application-self-protection/

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/getting-started/backup-files-to-amazon-s3/
Title: https://aws.amazon.com/getting-started/backup-files-to-amazon-s3/

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Network_Time_Protocol
Title: https://en.wikipedia.org/wiki/Network_Time_Protocol

Search URL Search Domain Scan URL

URL: https://www.loggly.com/
Title: https://www.loggly.com/

Search URL Search Domain Scan URL

URL: https://www.elastic.co/products/kibana
Title: https://www.elastic.co/products/kibana

Search URL Search Domain Scan URL

URL: https://www.ssllabs.com/
Title: https://www.ssllabs.com/

Search URL Search Domain Scan URL

URL: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
Title: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

Search URL Search Domain Scan URL

URL: https://github.com/containrrr/watchtower
Title: https://github.com/containrrr/watchtower

Search URL Search Domain Scan URL

URL: https://spacewalkproject.github.io/
Title: https://spacewalkproject.github.io/

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/cloudformation/
Title: https://aws.amazon.com/cloudformation/

Search URL Search Domain Scan URL

URL: https://cloud.google.com/deployment-manager/
Title: https://cloud.google.com/deployment-manager/

Search URL Search Domain Scan URL

URL: https://intruder.io/
Title: https://intruder.io/

Search URL Search Domain Scan URL

URL: https://www.tenable.com/downloads/nessus
Title: https://www.tenable.com/downloads/nessus

Search URL Search Domain Scan URL

URL: https://letsencrypt.org/
Title: https://letsencrypt.org/

Search URL Search Domain Scan URL

URL: https://support.google.com/webmasters/answer/6073543?hl=en
Title: https://support.google.com/webmasters/answer/6073543?hl=en

Search URL Search Domain Scan URL

URL: https://www.cloudflare.com/
Title: https://www.cloudflare.com/

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/cloudfront/
Title: https://aws.amazon.com/cloudfront/

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/fr/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/
Title: https://aws.amazon.com/fr/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/

Search URL Search Domain Scan URL

URL: https://newrelic.com/server-monitoring
Title: https://newrelic.com/server-monitoring

Search URL Search Domain Scan URL

URL: https://www.sysdig.com/
Title: https://www.sysdig.com/

Search URL Search Domain Scan URL

URL: https://hbr.org/2015/05/customer-data-designing-for-transparency-and-trust
Title: https://hbr.org/2015/05/customer-data-designing-for-transparency-and-trust

Search URL Search Domain Scan URL

URL: https://www.enterpriseready.io/gdpr/preparing-for-gdpr/
Title: https://www.enterpriseready.io/gdpr/preparing-for-gdpr/#

Search URL Search Domain Scan URL

URL: https://github.com/privacyradius/gdpr-checklist
Title: https://github.com/privacyradius/gdpr-checklist

Search URL Search Domain Scan URL

URL: https://securitycultureframework.net/
Title: https://securitycultureframework.net/

Search URL Search Domain Scan URL

URL: https://i.blackhat.com/eu-18/Wed-Dec-5/eu-18-OBoyle-SDL-at-Scale-Growing-Security-Champions.pdf
Title: https://i.blackhat.com/eu-18/Wed-Dec-5/eu-18-OBoyle-SDL-at-Scale-Growing-Security-Champions.pdf

Search URL Search Domain Scan URL

URL: https://resources.infosecinstitute.com/asset-management-guide-information-security-professionals/
Title: https://resources.infosecinstitute.com/asset-management-guide-information-security-professionals/

Search URL Search Domain Scan URL

URL: https://magoo.github.io/simple-risk/
Title: https://magoo.github.io/simple-risk/

Search URL Search Domain Scan URL

URL: https://www.airbnb.com/security
Title: https://www.airbnb.com/security

Search URL Search Domain Scan URL

URL: https://www.apple.com/support/security/
Title: https://www.apple.com/support/security/

Search URL Search Domain Scan URL

URL: https://zeltser.com/security-incident-response-program-tips/
Title: https://zeltser.com/security-incident-response-program-tips/

Search URL Search Domain Scan URL

URL: https://github.com/meirwah/awesome-incident-response
Title: https://github.com/meirwah/awesome-incident-response

Search URL Search Domain Scan URL

URL: https://security.openstack.org/vmt-process.html
Title: https://security.openstack.org/vmt-process.html

Search URL Search Domain Scan URL

URL: https://medium.com/@magoo/incident-response-writing-a-playbook-773e7920f171
Title: https://medium.com/@magoo/incident-response-writing-a-playbook-773e7920f171

Search URL Search Domain Scan URL

URL: https://www.amazon.com/How-Measure-Anything-Cybersecurity-Risk/dp/1536669741
Title: https://www.amazon.com/How-Measure-Anything-Cybersecurity-Risk/dp/1536669741

Search URL Search Domain Scan URL

URL: https://hbr.org/2017/11/the-key-to-better-cybersecurity-keep-employee-rules-simple
Title: https://hbr.org/2017/11/the-key-to-better-cybersecurity-keep-employee-rules-simple

Search URL Search Domain Scan URL

URL: https://medium.com/starting-up-security/starting-up-security-policy-104261d5438a
Title: https://medium.com/starting-up-security/starting-up-security-policy-104261d5438a

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
Title: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

Search URL Search Domain Scan URL

URL: https://blog.trailofbits.com/2015/07/07/how-to-harden-your-google-apps/
Title: https://blog.trailofbits.com/2015/07/07/how-to-harden-your-google-apps/

Search URL Search Domain Scan URL

URL: https://support.google.com/a/answer/7587183?hl=en
Title: https://support.google.com/a/answer/7587183?hl=en

Search URL Search Domain Scan URL

URL: https://codex.wordpress.org/Hardening_WordPress
Title: https://codex.wordpress.org/Hardening_WordPress

Search URL Search Domain Scan URL

URL: https://medium.com/@longtermsec/more-tips-for-securing-your-g-suite-4d617bd04bc8
Title: https://medium.com/@longtermsec/more-tips-for-securing-your-g-suite-4d617bd04bc8

Search URL Search Domain Scan URL

URL: https://get.slack.help/hc/en-us/articles/115004155306-Security-tips-to-protect-your-workspace
Title: https://get.slack.help/hc/en-us/articles/115004155306-Security-tips-to-protect-your-workspace

Search URL Search Domain Scan URL

URL: https://ayeks.de/post/2018-06-11-automating_and_scaling_security/
Title: https://ayeks.de/post/2018-06-11-automating_and_scaling_security/

Search URL Search Domain Scan URL

URL: https://www.yeswehack.com/en/index.html
Title: https://www.yeswehack.com/en/index.html

Search URL Search Domain Scan URL

URL: https://hackerone.com/
Title: https://hackerone.com/

Search URL Search Domain Scan URL

URL: https://cobalt.io/
Title: https://cobalt.io

Search URL Search Domain Scan URL

URL: https://www.ispartnersllc.com/blog/4-areas-security-practice-soc-2/
Title: https://www.ispartnersllc.com/blog/4-areas-security-practice-soc-2/

Search URL Search Domain Scan URL

URL: https://www.icann.org/news/blog/do-you-have-a-domain-name-here-s-what-you-need-to-know-part-4
Title: https://www.icann.org/news/blog/do-you-have-a-domain-name-here-s-what-you-need-to-know-part-4

Search URL Search Domain Scan URL

URL: https://www.eurodns.com/blog/domain-name-security-best-practices
Title: https://www.eurodns.com/blog/domain-name-security-best-practices

Search URL Search Domain Scan URL

URL: https://resources.infosecinstitute.com/5-best-practices-for-ensuring-data-privacy/
Title: https://resources.infosecinstitute.com/5-best-practices-for-ensuring-data-privacy/

Search URL Search Domain Scan URL

URL: https://auth0.com/
Title: https://auth0.com/

Search URL Search Domain Scan URL

URL: https://www.okta.com/
Title: https://www.okta.com/

Search URL Search Domain Scan URL

URL: https://www.digicert.com/blog/creating-password-policy-best-practices/
Title: https://www.digicert.com/blog/creating-password-policy-best-practices/

Search URL Search Domain Scan URL

URL: https://castle.io/
Title: https://castle.io

Search URL Search Domain Scan URL

URL: http://changelog.sqreen.com/
Title: Change Log

Search URL Search Domain Scan URL

URL: http://sqreen.status.io/
Title: Service Status

Search URL Search Domain Scan URL

URL: https://github.com/Sqreen
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/SqreenIO
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sqreen
Title:

Search URL Search Domain Scan URL

URL: https://docs.sqreen.com/faq/sqreen-badges/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://widget.intercom.io/widget/ev3k1dfl HTTP 302
https://js.intercomcdn.com/shim.latest.js

Request Chain 46

https://pixel-geo.prfct.co/tagjs?a_id=68484&source=js_tag HTTP 302
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=68484&source=js_tag

Request Chain 51

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j76&tid=UA-64824410-1&cid=915166736.1559248715&jid=1505402060&gjid=2147368074&_gid=543669902.1559248715&_u=aGBAgEAj~&z=635734535 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=1505402060&_v=j76&z=635734535 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=1505402060&_v=j76&z=635734535&slf_rd=1&random=2500656960

Request Chain 57

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/945086973/?random=1247623733&cv=9&fst=*&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.sqreen.com/checklists/saas-cto-security-checklist&tiba=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Sz_wXIWlCsGKrASpu6r4BQ&sscte=1&crd=&gtd= HTTP 302
https://www.google.com/pagead/1p-conversion/945086973/?random=1247623733&cv=9&fst=*&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.sqreen.com/checklists/saas-cto-security-checklist&tiba=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&cdct=2&is_vtc=1&ocp_id=Sz_wXIWlCsGKrASpu6r4BQ&random=514055911&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/945086973/?random=1247623733&cv=9&fst=*&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.sqreen.com/checklists/saas-cto-security-checklist&tiba=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&cdct=2&is_vtc=1&ocp_id=Sz_wXIWlCsGKrASpu6r4BQ&random=514055911&resp=GooglemKTybQhCsO&ipr=y

Request Chain 65

https://px.ads.linkedin.com/collect/?time=1559248715530&pid=89248&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&fmt=js&s=1 HTTP 302
https://px.ads.linkedin.com/collect/?time=1559248715530&pid=89248&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&fmt=js&s=1&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1559248715530%26pid%3D89248%26url%3Dhttps%253A%252F%252Fwww.sqreen.com%252Fchecklists%252Fsaas-cto-security-checklist%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1559248715530&pid=89248&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&fmt=js&s=1&cookiesTest=true&liSync=true

Request Chain 66

https://pixel-geo.prfct.co/cs/?partnerId=mrin HTTP 302
https://cs.marinsm.com/mrin HTTP 302
https://pixel.prfct.co/cb?partnerId=mrin

Request Chain 67

https://pixel-geo.prfct.co/cs/?partnerId=twtr HTTP 302
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_CbliMJ1hcSHPJNICR

Request Chain 68

https://pixel-geo.prfct.co/cs/?partnerId=yah HTTP 302
https://ads.yahoo.com/pixel?id=2539961&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fnwid%3D10001073209%26eid%3Dpa_CbliMJ1hcSHPJNICR%26sigv%3D1%26esig%3D2%7Ee3330524eedfee2d9cd2489be58659a66dc97841

Request Chain 69

https://pixel-geo.prfct.co/cs/?partnerId=opx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_CbliMJ1hcSHPJNICR HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_CbliMJ1hcSHPJNICR

Request Chain 70

https://pixel-geo.prfct.co/cs/?partnerId=rbcn HTTP 302
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_CbliMJ1hcSHPJNICR

Request Chain 71

https://pixel-geo.prfct.co/cs/?partnerId=goo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfQ2JsaU1KMWhjU0hQSk5JQ1I HTTP 302
https://pixel-geo.prfct.co/cb?partnerId=goo

Request Chain 74

https://secure.adnxs.com/seg?t=2&add=7394124 HTTP 302
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D7394124

Request Chain 114

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j76&tid=UA-64824410-1&cid=915166736.1559248715&jid=399199685&gjid=1045563793&_gid=543669902.1559248715&_u=aHBAgEAj~&z=1160326974 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=399199685&_v=j76&z=1160326974 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=399199685&_v=j76&z=1160326974&slf_rd=1&random=1602682795

117 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request saas-cto-security-checklist Show response
www.sqreen.com/checklists/ 127 KB
30 KB 25ms
9ms Document
text/html 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

ab7239ac20ad779edc8d40e2fcd90b4b4d3b6568f9a2f4df38cab9632c3a933d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.sqreen.com
:scheme: https
:path: /checklists/saas-cto-security-checklist
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
cache-control: public, max-age=0, must-revalidate
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
content-type: text/html; charset=UTF-8
date: Thu, 30 May 2019 20:18:44 GMT
etag: "0669d46acdf9102c16d3c82a6e5fdf9a-ssl-df"
referrer-policy: same-origin
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-protected-by: Sqreen
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 25794
age: 1191
server: Netlify
vary: Accept-Encoding
x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752296

GET
H2 200 style.css
www.sqreen.com/css/ 316 KB
43 KB 18ms
16ms Stylesheet
text/css 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/css/style.css

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

080bd454a720acfee846ed5ca61c16079e819386234c4c37d79ddb3e50387124

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sqreen.com/checklists/saas-cto-security-checklist
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752306
date: Thu, 30 May 2019 15:17:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19267
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 44366
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "b53ef62033898495333cb82e94f1cf0e-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 font-awesome.min.css
www.sqreen.com/css/ 30 KB
7 KB 10ms
8ms Stylesheet
text/css 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/css/font-awesome.min.css

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

bebbe9bc343df004372f29e4189b79f76cf1b38ad3e2d37df9ca05c36dc43d98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sqreen.com/checklists/saas-cto-security-checklist
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752307
date: Thu, 30 May 2019 15:17:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19267
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 7054
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "fdb61e3ff28d701bc3dfc597df6141e5-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 purser.js Show response
www.sqreen.com/js/ 2 KB
905 B 9ms
7ms Script
application/javascript 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/js/purser.js

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

5e7cc919d6aad76a106d34dfa95d2b87d6cd925eb8e19fcfbc98a7c79e4b3ed9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sqreen.com/checklists/saas-cto-security-checklist
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752308
date: Thu, 30 May 2019 15:17:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19267
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 749
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "88a28a57f19c403ba6db099d0c258e59-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 qs.min.js Show response
cdnjs.cloudflare.com/ajax/libs/qs/6.5.0/ 8 KB
3 KB 13ms
12ms Script
application/javascript 2606:4700::6813:c697
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/qs/6.5.0/qs.min.js

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c697 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4976bdfa792eaeec191f6b9a88beb27c2d7a15c2c2670fab634eed012f4567e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:34 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:26:24 GMT
server: cloudflare
etag: W/"5afd4ac0-201f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 19 May 2020 20:38:34 GMT
cache-control: public, max-age=30672000
cf-ray: 4df3832f1f7496ce-FRA
served-in-seconds: 0.364

GET
H2 200 featured.svg
api.producthunt.com/widgets/embed-image/v1/ 2 KB
1 KB 141ms
73ms Image
image/svg+xml 2606:4700::6812:e753
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=156974&theme=light

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e753 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d53035e1fdb22e81ef3b55ee42294b0bba342aa8351678029783c83219aa8b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-request-id: 8ba92cbd-4007-433a-92e7-605d1a8f30c0
x-runtime: 0.014242
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"d53035e1fdb22e81ef3b55ee42294b0b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 4df3832f9a18d721-FRA
expires: Fri, 31 May 2019 00:38:34 GMT

GET
H2 200 icon-fullscreen.svg
d33wubrfki0l68.cloudfront.net/39a4a5ee0d0ff0385bcd05d5715988e55dcd08fe/dc6c7/img/new/icons/ 335 B
628 B 73ms
15ms Image
image/svg+xml 13.35.254.25
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/39a4a5ee0d0ff0385bcd05d5715988e55dcd08fe/dc6c7/img/new/icons/icon-fullscreen.svg
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.25 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-254-25.fra6.r.cloudfront.net
Software: Netlify /
Resource Hash: 2b972c0a9e9a2c94bb689fa663bf268ca6d703fe33e967a24d73fd16fa2818b7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 0cbeba2a-1d06-4cba-9290-c77b7a638d46-94347382
date: Sun, 24 Mar 2019 08:14:10 GMT
content-encoding: gzip
age: 5833464
x-cache: Hit from cloudfront
status: 200
content-length: 212
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
server: Netlify
etag: 483066025b700d5c15f02fd4e8617689a441cbba-df
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
x-amz-cf-id: aM4Ydrze3zIms4MKgo9lnZ1c9HkIjEit4xZ0sGERbsOPHhXFuaLspg==

GET
H2 200 tada.png
d33wubrfki0l68.cloudfront.net/d64db65ace7225a836a70d6be65505c9a28a66c3/c3ba1/img/new/icons/ 48 KB
49 KB 32ms
24ms Image
image/png 13.35.254.25
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/d64db65ace7225a836a70d6be65505c9a28a66c3/c3ba1/img/new/icons/tada.png
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.25 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-254-25.fra6.r.cloudfront.net
Software: Netlify /
Resource Hash: 306d4d57ca77621de5c58085840d025e0464235c45b4615758d7539a14f01d2c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 94bea221-e2c2-475e-bce3-fffdaac3c84d-30562582
date: Thu, 02 May 2019 17:12:04 GMT
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
server: Netlify
age: 2431591
etag: bdf492be4cb0644695a9b481385969fc30c56c3f
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: public, max-age=31556926
accept-ranges: bytes
access-control-allow-origin: *
content-length: 49294
x-amz-cf-id: iqxcEx9eMvPmWCmEPzmqaFiD1xNAzicqlQjzBzC11ORlh-ud_VFoYg==

GET
H2 200 paper-plane-illu.svg
d33wubrfki0l68.cloudfront.net/a62fdc8b30e1ea75724fdbe56d53e810ff89c5a5/cd519/img/new/illustrations/ 4 KB
2 KB 24ms
16ms Image
image/svg+xml 13.35.254.25
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/a62fdc8b30e1ea75724fdbe56d53e810ff89c5a5/cd519/img/new/illustrations/paper-plane-illu.svg
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.25 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-254-25.fra6.r.cloudfront.net
Software: Netlify /
Resource Hash: c307f9d7dd63c2288f9b40b4f940f36de97d426f2571d0cac84e38de653ed707

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 0cbeba2a-1d06-4cba-9290-c77b7a638d46-49999852
date: Sat, 23 Mar 2019 03:39:14 GMT
content-encoding: gzip
age: 5936360
x-cache: Hit from cloudfront
status: 200
content-length: 1610
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
server: Netlify
etag: de640f9931f03d410bc7ec0b0094ac45074a283e-df
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
x-amz-cf-id: NjmKwo-YSm5Iciez5XjfbUTFT-d3RMuDoVlJXpR3N2zYk8LIa5JvpQ==

GET
H2 200 github-icon.svg
d33wubrfki0l68.cloudfront.net/8f09b98b1334c5ef2cb2f5dc260971229d1a06b3/49bb5/img/new/logos/ 2 KB
1 KB 44ms
36ms Image
image/svg+xml 13.35.254.25
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/8f09b98b1334c5ef2cb2f5dc260971229d1a06b3/49bb5/img/new/logos/github-icon.svg
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.25 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-254-25.fra6.r.cloudfront.net
Software: Netlify /
Resource Hash: 99f98dbdc42cfe095ad06ce2a2a676106205dc4f4ee64b04c759de608a55abfe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 0cbeba2a-1d06-4cba-9290-c77b7a638d46-50361648
date: Sat, 23 Mar 2019 04:20:33 GMT
content-encoding: gzip
age: 5933881
x-cache: Hit from cloudfront
status: 200
content-length: 834
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
server: Netlify
etag: 123d64222f1520224c6d9625f72c80ca47318f57-df
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
x-amz-cf-id: FVbuok7t0O97pPdKI3AFrtv1J9IcsJvvHo573OUnOUEViM8WrlkvWA==

GET
H2 200 twitter-icon.svg
d33wubrfki0l68.cloudfront.net/3ff3317a8dc0f0e4e4917f2ae8970b4e80cda5b5/4f20e/img/new/logos/ 981 B
1008 B 23ms
16ms Image
image/svg+xml 13.35.254.25
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/3ff3317a8dc0f0e4e4917f2ae8970b4e80cda5b5/4f20e/img/new/logos/twitter-icon.svg
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.25 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-254-25.fra6.r.cloudfront.net
Software: Netlify /
Resource Hash: e5b6d6d4ccf96f50e9aa6ba5d235888cb7e82f309f89d86925b4ca0cf5678e42

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: 378fdc80-052e-4501-9cde-c58c79d07959-80286123
date: Sun, 05 May 2019 06:56:05 GMT
content-encoding: gzip
age: 2209349
x-cache: Hit from cloudfront
status: 200
content-length: 592
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
server: Netlify
etag: ad67350b41cb61772a81adafaf5d78c87a1cc862-df
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
x-amz-cf-id: XmPiu1beQrdPv25nmkeBAhzP59th0SwLVQBcYjxIaMc-jzc-7Oy7wA==

GET
H2 200 linkedin-icon.svg
d33wubrfki0l68.cloudfront.net/cc3606fa27a57e4285450f26a02fed156da314fb/4df6d/img/new/logos/ 794 B
915 B 25ms
18ms Image
image/svg+xml 13.35.254.25
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/cc3606fa27a57e4285450f26a02fed156da314fb/4df6d/img/new/logos/linkedin-icon.svg
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.25 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-254-25.fra6.r.cloudfront.net
Software: Netlify /
Resource Hash: a275a2b875378f8727cf0910679f171c73982c569101b03f77a88df16facb338

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: e669ba32-378e-4f49-a866-746934c5ab07-1243880
date: Sat, 25 Aug 2018 08:01:24 GMT
content-encoding: gzip
age: 24064630
x-cache: Hit from cloudfront
status: 200
content-length: 499
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
server: Netlify
etag: 6e0e1898f6f461b35019ee4c5cd5c45b9c204b8b-df
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
x-amz-cf-id: cX4y1B329HiVLTsLSQaFr5mNSGzHlrKSTl29L7vDezPe4cM7c1xCug==

GET
H2 200 sqreen-light-badge.svg
assets.sqreen.com/badges/20171107/ 4 KB
2 KB 84ms
14ms Image
image/svg+xml 13.35.253.23
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.sqreen.com/badges/20171107/sqreen-light-badge.svg
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.23 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-23.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7dcf4dbd2ec98aac130fc6028affd9c50e57653e5222bfadaa2d4a49979c7405

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 10:26:50 GMT
content-encoding: gzip
last-modified: Thu, 09 Nov 2017 09:40:30 GMT
server: AmazonS3
age: 36705
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
status: 200
x-amz-cf-id: crp16zx1CUFm5LMQnQfpkwLNBXw41nle0m0-1fhxxCq2cgMAyuzCGQ==
via: 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 90ms
26ms Script
application/javascript 205.185.208.52
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip052.ssl.hwcdn.net
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 30 May 2019 20:38:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Mar 2017 19:01:15 GMT
Server: nginx
ETag: W/"58d026fb-15283"
Vary: Accept-Encoding
X-HW: 1559248714.dop072.lo4.shc,1559248714.dop072.lo4.t,1559248714.cds058.lo4.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 30125

GET
H/1.1 200
OK jquery-ui.min.js Show response
code.jquery.com/ui/1.12.1/ 248 KB
67 KB 93ms
29ms Script
application/javascript 205.185.208.52
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.12.1/jquery-ui.min.js
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip052.ssl.hwcdn.net
Software: nginx /
Resource Hash: 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 30 May 2019 20:38:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Sep 2016 16:34:16 GMT
Server: nginx
ETag: W/"57d97c08-3dee4"
Vary: Accept-Encoding
X-HW: 1559248714.dop024.lo4.shc,1559248714.dop024.lo4.t,1559248714.cds101.lo4.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 67751

GET
H2 200 shuffle.min.js Show response
www.sqreen.com/js/ 19 KB
6 KB 12ms
9ms Script
application/javascript 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/js/shuffle.min.js

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

921349a9979962b0a95cf858c2dcc0dcdafea0609e01f078c1b93f8ed1e6d7fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sqreen.com/checklists/saas-cto-security-checklist
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752334
date: Thu, 30 May 2019 15:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16790
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 6245
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "f656e3efa5e557424d6a3d32196e0502-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 nouislider.min.js Show response
www.sqreen.com/js/ 22 KB
8 KB 11ms
9ms Script
application/javascript 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/js/nouislider.min.js

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

201e76e12be19deaa5fa7bf5c1057b38ab1c707361c7c3afb0699b17a58268cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sqreen.com/checklists/saas-cto-security-checklist
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752335
date: Thu, 30 May 2019 15:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16790
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 7680
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
x-frame-options: DENY
etag: "d428ad1397dc3d47678f008aa2ba0276-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 css
fonts.googleapis.com/ 858 B
467 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Code+Pro

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

c7a26afa5331a4f7e0f5ef7d02a6162fcc9eb9f9e8a3364ec2f9b4eb4007c767

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 30 May 2019 20:38:34 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 30 May 2019 20:38:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Thu, 30 May 2019 20:38:34 GMT

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/ 293 KB
62 KB 87ms
16ms Script
text/javascript 99.86.0.85
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.0.85 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-99-86-0-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 45ce5914131712abde6f6295aab763fbb880857f14a43e77f64ebeac374f5145

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 21 May 2019 07:59:54 GMT
content-encoding: gzip
age: 226
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-length: 62993
via: 1.1 21da0a66bafe2c8de8be4a4d8039346b.cloudfront.net (CloudFront)
last-modified: Fri, 17 May 2019 17:10:46 GMT
server: AmazonS3
etag: "229bc0c3d6e9f0d00752c853ee6b456c"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: b7iQZtypXDyiaikBCkjGSIg5J1TcXgIz
access-control-allow-origin: *
cache-control: public, max-age=300
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
x-amz-cf-id: mlmQZV4vJYKg2HuYILSk9iPRGmGk_KYQgKmwBHOe-X4UXsnZkE59hg==

GET
H2 200 heap-3784968534.js Show response
cdn.heapanalytics.com/js/ 62 KB
27 KB 92ms
21ms Script
application/javascript 13.35.255.17
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.heapanalytics.com/js/heap-3784968534.js
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.255.17 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-255-17.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: c00e3b7618941f3f60f6064cf70a06b03bb3ce9932a271acf6e51dfcf9eae3ad

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:25 GMT
content-encoding: gzip
server: nginx
age: 9
etag: W/"f826-jlKJs0+ZQwfS+dLHrJv1yQ"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: public, max-age=120
x-amz-cf-id: Edf7VNzdNW9lre-8LeXxq2P1qDzOfWDs0KVZxc7dDvQhEoiB44sRBA==
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)

GET
H2 200 fs.js Show response
fullstory.com/s/ 169 KB
61 KB 14ms
14ms Script
application/javascript 2001:4860:4802:32::15
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fullstory.com/s/fs.js

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

788c8ad823f8510d4f447d4dacb5ff3f7df8b751eec34d04740a6490f3d3003c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
server: Google Frontend
age: 212
etag: "IXskkw"
content-type: application/javascript
status: 200
x-cloud-trace-context: f8a82ea9148103de392133cd81c5694f
cache-control: public, max-age=600
date: Thu, 30 May 2019 20:35:02 GMT
access-control-allow-origin: *
content-length: 62089
expires: Thu, 30 May 2019 20:45:02 GMT

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 48ms
6ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 88d8f5940f276e396e399cf7e1dd1832933e8e6fddc9cf9f3ea938f3d299581f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:34 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 92B1F7667741B717
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: /ZFX1s2Lf0X0mFt6ednZT/rNC0rh47F0y6afRHOQZd/BA70/hDNGiRlK0PilS5VC3rb8qxX41iA=
last-modified: Thu, 30 May 2019 19:24:42 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=600
cdn-requestid: c26d02e052fba7bdda7217f508247f6a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

POST
H2 200 f637ed5d-4ac6-441d-a0f5-04c3d7e976c4
reports-api.sqreen.com/browser/v0/csp-violations/ 0
0 182ms
63ms Other
text/html 18.203.78.160
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.203.78.160 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-203-78-160.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://www.sqreen.com
Content-Type: application/csp-report

Response headers

access-control-allow-origin: https://www.sqreen.com
access-control-expose-headers: Next-Page, Total-Records, X-User

GET
H2 200 Moderat-Regular.woff2
www.sqreen.com/fonts/ 42 KB
42 KB 7ms
6ms Font
font/woff2 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/fonts/Moderat-Regular.woff2

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

4c6d2f0360d0cc9c7ba34f26b2d05e80a72cb944b53460587bf00ddb82ef89ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/css/style.css
Origin: https://www.sqreen.com

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752353
date: Thu, 30 May 2019 15:17:28 GMT
x-content-type-options: nosniff
age: 19266
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 43188
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "174d02dbe835472de1d76649a4e2f658-ssl"
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 Moderat-Medium.woff2
www.sqreen.com/fonts/ 42 KB
42 KB 10ms
10ms Font
font/woff2 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/fonts/Moderat-Medium.woff2

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

3ba84ba04a8963559da5488d4bc05c347c6be5e3a093dc77efbb34619d0239b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/css/style.css
Origin: https://www.sqreen.com

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752355
date: Thu, 30 May 2019 15:17:28 GMT
x-content-type-options: nosniff
age: 19266
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 43196
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "8e1e4d1539dcab5e84606d0e9f283168-ssl"
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 Moderat-Bold.woff2
www.sqreen.com/fonts/ 42 KB
42 KB 16ms
16ms Font
font/woff2 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/fonts/Moderat-Bold.woff2

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

06d38da8ea4edf750c8fb4f749f5b71a6dba952fd924a55771c0ccc213339eab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/css/style.css
Origin: https://www.sqreen.com

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752357
date: Thu, 30 May 2019 15:17:28 GMT
x-content-type-options: nosniff
age: 19266
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 43060
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "6eb8d18fdde5905b6aa9391f3e0ddc2e-ssl"
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 hinted-ProximaNova-Regular.woff2
www.sqreen.com/fonts/ 64 KB
64 KB 13ms
13ms Font
font/woff2 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/fonts/hinted-ProximaNova-Regular.woff2

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

d5c416aad5a93ec52210006b33c49fd56518f38daa131352ab96f70bfbbdd4df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/css/style.css
Origin: https://www.sqreen.com

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752361
date: Thu, 30 May 2019 15:17:28 GMT
x-content-type-options: nosniff
age: 19266
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 65184
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "d4bf0e8c1770a8258cba3c419ba276a9-ssl"
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 hinted-ProximaNova-Bold.woff2
www.sqreen.com/fonts/ 64 KB
64 KB 21ms
20ms Font
font/woff2 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/fonts/hinted-ProximaNova-Bold.woff2

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

e986032f29885a46b943e3ff7042c79c8c8ac09f5c70bdfdf28cae4229c05730

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/css/style.css
Origin: https://www.sqreen.com

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752363
date: Thu, 30 May 2019 15:17:28 GMT
x-content-type-options: nosniff
age: 19266
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 65568
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "107e80a94e9e473061ea7c36dcde9a86-ssl"
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 hinted-ProximaNova-Semibold.woff2
www.sqreen.com/fonts/ 63 KB
63 KB 25ms
25ms Font
font/woff2 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/fonts/hinted-ProximaNova-Semibold.woff2

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

f2822d60f9ebd42bf712d5417a8fc4d846afd7f26a3a6afb5838698deeaf2b2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/css/style.css
Origin: https://www.sqreen.com

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752364
date: Thu, 30 May 2019 15:17:28 GMT
x-content-type-options: nosniff
age: 19266
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 64312
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "5ce6b3b79eebec1982db65f5babb021b-ssl"
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 hinted-ProximaNova-Light.woff2
www.sqreen.com/fonts/ 61 KB
62 KB 27ms
27ms Font
font/woff2 2a03:b0c0:3:d0::d19:7001
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sqreen.com/fonts/hinted-ProximaNova-Light.woff2

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::d19:7001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

Software

Netlify /

Resource Hash

4fa051988de64ab5a747873766694b77fe5a73abf8ae76a61540f6c35e4bed91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/css/style.css
Origin: https://www.sqreen.com

Response headers

x-nf-request-id: ab27d4a8-a566-4b44-90ac-5d4158992b8d-2752369
date: Thu, 30 May 2019 15:17:28 GMT
x-content-type-options: nosniff
age: 19266
content-security-policy-report-only: child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com
x-protected-by: Sqreen
status: 200
strict-transport-security: max-age=31536000
content-length: 62952
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "94ab82e11fb787b210325a05347f3448-ssl"
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 76.ead014270ffc1593d711.js Show response
load.sumo.com/ 131 KB
44 KB 15ms
14ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/76.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: fe483eb76cd8a58d6c9302816a048a03e7aeb04828a7bb73850b3831f694c42f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:34 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 11116153A6CBA275
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: AFkJjQPyXs0zT3+WIWDL8//0MSCgMAMYLTipWRN7KIRHq6Gsk48U7ny04EA+AZW37+41Ri17Vpc=
last-modified: Thu, 30 May 2019 19:24:28 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: e649e40bedf9640dc9eed45bb72bdc24
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 78.ead014270ffc1593d711.js Show response
load.sumo.com/ 289 KB
100 KB 24ms
24ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/78.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 941646615b49ab10baa636da830645f2b25c4e1843c8dfdb319a2c9ac898e453

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:34 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 79185104D05959BB
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: ylhBDoJSdRfwSD5/hj1/3x5dEeAODLswD2WcXjpbTiJKmWGYO9+TBGGVUNxm9ymybgLir9+Qgo4=
last-modified: Thu, 30 May 2019 19:24:29 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 909416e2d38d1c9b58d2ed56cf989709
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

POST
H2 202 page Show response
rs.fullstory.com/rec/ 15 B
109 B 126ms
126ms XHR
text/plain 35.186.194.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://rs.fullstory.com/rec/page

Requested by

Host: fullstory.com
URL: https://fullstory.com/s/fs.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.186.194.58 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

58.194.186.35.bc.googleusercontent.com

Software

Resource Hash

e714a123414245ff10cf0c0e4d2301965cd12643c56659c5534e8cc851251478

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://www.sqreen.com
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:34 GMT
via: 1.1 google
x-content-type-options: nosniff
status: 202
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.sqreen.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 15
expires: 0

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
142 B 582ms
187ms XHR
application/json 52.89.222.195
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.segment.io/v1/p
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.89.222.195 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-89-222-195.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://www.sqreen.com
Content-Type: text/plain

Response headers

status: 200
date: Thu, 30 May 2019 20:38:35 GMT
access-control-allow-origin: https://www.sqreen.com
content-length: 21
vary: Origin
content-type: application/json

GET
H2

200

shim.latest.js Show response
js.intercomcdn.com/
Redirect Chain

https://widget.intercom.io/widget/ev3k1dfl
https://js.intercomcdn.com/shim.latest.js

11 KB
4 KB

79ms
18ms

Script
application/javascript

13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/shim.latest.js
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 977cd119e7e8c9816b0b18c901cb08a48e1d5c4a7c4a63ba524640d1c1156f1f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:36:39 GMT
content-encoding: gzip
etag: "6bd210c129cf6c2bce85d99cc45873a6"
last-modified: Thu, 30 May 2019 18:46:35 GMT
server: AmazonS3
age: 117
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=300, s-maxage=300, public
accept-ranges: bytes
content-length: 3887
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-amz-cf-id: jJMCazUFg7f6MzXRTWkg09kcUMlwVzpmIbrVgb0H0fwEiOnLA2vrtw==

Redirect headers

date: Sat, 25 May 2019 04:03:25 GMT
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70f.cloudfront.net (CloudFront)
server: AmazonS3
age: 491711
location: https://js.intercomcdn.com/shim.latest.js
x-cache: Hit from cloudfront
status: 302
content-length: 0
x-amz-cf-id: gm92bSP7dri5XrTCG2krGpmR_CKrr7i5wdXTPNZYVOEf43VM0Pbg_g==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 20ms
20ms Script
application/javascript 151.101.36.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.36.157 Amsterdam, Netherlands, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:34 GMT
content-encoding: gzip
age: 18910
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-ams21048-AMS
last-modified: Tue, 23 Jan 2018 19:05:33 GMT
x-timer: S1559248715.984563,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 15 KB
5 KB 7ms
6ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 30 May 2019 20:38:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Dec 2018 23:03:30 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=37884
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 4774553.js Show response
tag.getdrip.com/ 795 KB
33 KB 87ms
18ms Script
application/javascript 13.35.253.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.getdrip.com/4774553.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.118 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a81000491efd155e13581c1d0bdb55cdea871d028fac637a6a15758eeb60187e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:36:00 GMT
content-encoding: gzip
last-modified: Thu, 30 May 2019 19:56:51 GMT
server: AmazonS3
age: 156
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-id: BavVogVvmesnwWGFRngLX947uRMGUoLH-d4ee0Whx-z2iHIJIYcbeA==
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 53 KB
19 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:81f::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5QG6B3&l=dataLayer

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

3d575ae8f1a75f096790ef37ed1a23da89b6e027eb1caccb8fa839a9c1d46b93

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:34 GMT
content-encoding: br
last-modified: Thu, 30 May 2019 16:41:01 GMT
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 19529
x-xss-protection: 0
expires: Thu, 30 May 2019 20:38:34 GMT

GET
H2 200 5857b70d837b41bb46000046.js Show response
tag.perfectaudience.com/serve/ 14 KB
5 KB 83ms
16ms Script
text/javascript 151.101.2.217
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.perfectaudience.com/serve/5857b70d837b41bb46000046.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.217 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Cowboy /

Resource Hash

9faa87a9ba61d47fe53ddb764f13f9e65111a9b41dd23c6028ce11f07f13a48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 609
x-cache: HIT
status: 200
content-length: 4573
x-served-by: cache-hhn1532-HHN
server: Cowboy
x-timer: S1559248715.053318,VS0,VE1
vary: Accept-Encoding
content-type: text/javascript
via: 1.1 vegur, 1.1 varnish
cache-control: max-age=1800
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 23 KB
9 KB 27ms
26ms Script
text/javascript 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

f1e6382aa070301007ee92dbaaef83c9f6075f9d86ee3632c82a609f02c6fc1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 8912
x-xss-protection: 0
server: cafe
etag: 11386026576561889187
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 30 May 2019 20:38:34 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 53 KB
15 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

fa59b1ed1b011e084474ad818b5f6986d84fc678e2f37fee9330eb52d86860b3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 15397
x-xss-protection: 0
pragma: public
x-fb-debug: 7tLkaTzTehAWGshV2S2WW7tvpZq1I1GCrbvb/3UA3H877lpY0Xysrlz5ne3VZQZQZAFUgRJFoC7Hy5YZN8RZfg==
date: Thu, 30 May 2019 20:38:34 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/5nxb5iyxWJCBesRTBrDlKocYYhI0yk6H/analytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 21 May 2019 23:53:44 GMT
server: Golfe2
age: 3961
date: Thu, 30 May 2019 19:32:33 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17595
expires: Thu, 30 May 2019 21:32:33 GMT

GET
H/1.1 200
OK h
heapanalytics.com/ 37 B
305 B 441ms
103ms Image
image/gif 3.210.113.103
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heapanalytics.com/h?a=3784968534&u=8646310629341304&v=4267271048382316&s=7997357880949237&b=web&tv=4.0&z=0&h=%2Fchecklists%2Fsaas-cto-security-checklist&d=www.sqreen.com&t=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&ts=1559248715074&st=1559248715079
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.113.103 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-210-113-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 May 2019 20:38:35 GMT
Server: nginx
ETag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
Content-Type: image/gif
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Length: 37

GET
H2 200 identity.js Show response
connect.facebook.net/signals/plugins/ 21 KB
8 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.8.47

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

4a320c52c63a44c676ba2c6d00c5ab74fc031b16d768c1933cbfd27c20c2b4c4

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 8245
x-xss-protection: 0
pragma: public
x-fb-debug: 4Fz26mn5oC7e1+C6KS8VBsGduZ+3RW23T5Wgx29SV/KadEhq+MY88/ke4rGK5/DyvSpZCknN1Qzwr0gTdsolBQ==
date: Thu, 30 May 2019 20:38:35 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 513325432125369 Show response
connect.facebook.net/signals/config/ 207 KB
55 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/513325432125369?v=2.8.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

9c66db1dd04369b5fb796cfbb3581c58aff30816ba38bbd81b605d7d6a567358

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 56215
x-xss-protection: 0
pragma: public
x-fb-debug: WyC6Cu+WT/GBKm8/Um0oH94hcrs6/HL3gws4Zny0AIWt9f6H/8HTBK3Nr4fAL9kRbgLqIBGDPEdoxIiQIDmh7g==
date: Thu, 30 May 2019 20:38:35 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
920 B 6ms
6ms Script
text/javascript 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:09:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 1773
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 856
x-xss-protection: 0
expires: Thu, 30 May 2019 21:09:02 GMT

GET
H/1.1

200
OK

tagjs Show response
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/tagjs?a_id=68484&source=js_tag
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=68484&source=js_tag

93 B
455 B

35ms
34ms

Script
text/javascript

18.203.165.119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=68484&source=js_tag
Requested by: Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.203.165.119 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-203-165-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4f1e04c8dc819624310c7e775bd87ab978ff984addc3ffbccb89f63a255de002

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Content-Type: text/javascript
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 93
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=68484&source=js_tag
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 200 adsct
t.co/i/ 43 B
173 B 145ms
141ms Image
image/gif 104.244.42.5
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nvijn&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=0
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 113
pragma: no-cache
last-modified: Thu, 30 May 2019 20:38:35 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: f2ba066a7734996e2f6f807a8bf9dca3
x-transaction: 0069b82b00706514
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/945086973/ 2 KB
1 KB 28ms
26ms Script
text/javascript 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/945086973/?random=1559248715144&cv=9&fst=1559248715144&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&tiba=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

cde17d7478c6077fbdc7d7ed33accf2c0d9c4c2a9fac98e09e3883a1262dc9ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 975
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/945086973/ 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/945086973/?random=1559248715157&cv=9&fst=1559248715157&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=path%3D%2Fchecklists%2Fsaas-cto-security-checklist%3Breferrer%3D%3Bsearch%3D%3Btitle%3DSaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen%3Burl%3Dhttps%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&frm=0&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&tiba=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

3a4cb9952361603bb0e1d4ed1fa061cf2a8d95d2ca8b98dec0a4869db0b2e2ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 1011
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 15ms
8ms Image
image/gif 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j76&a=1332711346&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&dp=%2Fchecklists%2Fsaas-cto-security-checklist&ul=en-us&de=UTF-8&dt=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGBAgEAj~&jid=1505402060&gjid=2147368074&cid=915166736.1559248715&tid=UA-64824410-1&_gid=543669902.1559248715&z=396333496

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2019 03:35:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 7146212
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j76&tid=UA-64824410-1&cid=915166736.1559248715&jid=1505402060&gjid=2147368074&_gid=543669902.1559248715&_u=aGBAgEAj~&z=635734535
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=1505402060&_v=j76&z=635734535
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=1505402060&_v=j76&z=635734535&slf_rd=1&random=2500656960

42 B
110 B

21ms
17ms

Image
image/gif

2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=1505402060&_v=j76&z=635734535&slf_rd=1&random=2500656960

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=1505402060&_v=j76&z=635734535&slf_rd=1&random=2500656960
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inferredEvents.js Show response
connect.facebook.net/signals/plugins/ 1 KB
895 B 10ms
9ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.8.47

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 772
x-xss-protection: 0
pragma: public
x-fb-debug: nv1KpunNuZbl1xD3qrLsYaAktT/ug2rMzhn2HebbQkOrWlFbR2tFthYA2uRs4173h99+WVg8pEHT8tc+TorTSw==
date: Thu, 30 May 2019 20:38:35 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 frame.e8bd5f6e.js Show response
js.intercomcdn.com/ Frame 0AA4 278 KB
78 KB 20ms
19ms Script
application/javascript 13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/frame.e8bd5f6e.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/shim.latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f848b5614a9f5b0329cd4f846301d8e32d55c69d10aced4fe14fe35aaea548f8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 18:46:39 GMT
content-encoding: gzip
etag: "7b57c56a4e882b80c21c4745f361a534"
last-modified: Thu, 30 May 2019 18:41:33 GMT
server: AmazonS3
age: 6717
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
content-length: 79538
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-amz-cf-id: wowQRHCXVJclHEMTuo2c9Y-U9F6QCWuiQTA0WJyuP7EzcBosLXvWIA==

GET
H2 200 vendor.31266935.js Show response
js.intercomcdn.com/ Frame 0AA4 529 KB
166 KB 46ms
44ms Script
application/javascript 13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/vendor.31266935.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/shim.latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 96d5170836c948a74d16789c6e3518fd913e8b36fa804ae6207241807524803e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:11:14 GMT
content-encoding: gzip
etag: "38d09aadcf45ef4986322df26c150d10"
last-modified: Thu, 30 May 2019 18:05:58 GMT
server: AmazonS3
age: 1642
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
content-length: 169488
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-amz-cf-id: 88LQ0OvDcm3av0rRjGxTiXP9RNQuJNW0twZzELBlZrOFNKql_hLA7g==

GET
H2 200 /
www.google.com/pagead/1p-user-list/945086973/ 42 B
121 B 28ms
26ms Image
image/gif 2a00:1450:4001:81d::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/945086973/?random=1559248715157&cv=9&fst=1559246400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=path%3D%2Fchecklists%2Fsaas-cto-security-checklist%3Breferrer%3D%3Bsearch%3D%3Btitle%3DSaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen%3Burl%3Dhttps%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&frm=0&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&tiba=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&async=1&fmt=3&cdct=2&is_vtc=1&random=2928051685&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/945086973/ 42 B
110 B 30ms
28ms Image
image/gif 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/945086973/?random=1559248715157&cv=9&fst=1559246400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=path%3D%2Fchecklists%2Fsaas-cto-security-checklist%3Breferrer%3D%3Bsearch%3D%3Btitle%3DSaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen%3Burl%3Dhttps%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&frm=0&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&tiba=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&async=1&fmt=3&cdct=2&is_vtc=1&random=2928051685&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/945086973/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/945086973/?random=1247623733&cv=9&fst=*&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...
https://www.google.com/pagead/1p-conversion/945086973/?random=1247623733&cv=9&fst=*&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_n...
https://www.google.de/pagead/1p-conversion/945086973/?random=1247623733&cv=9&fst=*&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_np...

42 B
110 B

18ms
17ms

Image
image/gif

2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/945086973/?random=1247623733&cv=9&fst=*&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.sqreen.com/checklists/saas-cto-security-checklist&tiba=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&cdct=2&is_vtc=1&ocp_id=Sz_wXIWlCsGKrASpu6r4BQ&random=514055911&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/945086973/?random=1247623733&cv=9&fst=*&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.sqreen.com/checklists/saas-cto-security-checklist&tiba=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&cdct=2&is_vtc=1&ocp_id=Sz_wXIWlCsGKrASpu6r4BQ&random=514055911&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 visit Show response
api.getdrip.com/client/events/ 84 B
893 B 216ms
137ms Script
text/javascript 13.35.253.27
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://api.getdrip.com/client/events/visit?drip_account_id=4774553&referrer=&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&domain=www.sqreen.com&time_zone=UTC&enable_third_party_cookies=t&callback=Drip_134897235

Requested by

Host: tag.getdrip.com
URL: https://tag.getdrip.com/4774553.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.27 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-27.fra6.r.cloudfront.net

Software

Resource Hash

2af5ac856905489a8fdff13e98ef0ba74683f3e6ef24692bb372409115bcc863

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amzn-remapped-content-length: 84
x-amzn-remapped-date: Thu, 30 May 2019 20:38:35 GMT
x-amzn-requestid: e5746709-831a-11e9-af26-41cf1c91c6d5
x-cache: Miss from cloudfront
status: 200
strict-transport-security: max-age=15552000; includeSubDomains
x-amz-apigw-id: ag7TxFC3IAMFkjQ=
content-length: 84
x-xss-protection: 1; mode=block
x-request-id: 93285385-f8ff-47fd-b45e-a57cc4047769
x-amz-cf-id: MVEqC_ByxYsiNAvIyQcQ0PjQ_1lrh3XRzDPChDqYP3S8TippU_QaWw==
x-runtime: 0.028325
etag: W/"2af5ac856905489a8fdff13e98ef0ba7"
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
x-amzn-remapped-server: nginx
x-amzn-remapped-connection: keep-alive

GET
H2 200 263753567408806 Show response
connect.facebook.net/signals/config/ 207 KB
55 KB 14ms
12ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/263753567408806?v=2.8.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

c67fbd71a2ad22aa4ca690c817658a287abfd85a12030f0f436e8072b1b9c7ce

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 56215
x-xss-protection: 0
pragma: public
x-fb-debug: 6Aq9v/85R/5ZuLWtnT/PwAhVIzRFZn6R4vGs63CK2wOJBmjoeKAjernBC1Wd9IAGVcZNVf1yQZifsfSOrr0iZw==
date: Thu, 30 May 2019 20:38:35 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
253 B 14ms
12ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=513325432125369&ev=PageView&dl=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&rl=&if=false&ts=1559248715228&sw=1600&sh=1200&v=2.8.47&r=stable&a=seg&ec=0&o=30&fbp=fb.1.1559248715227.1626523020&it=1559248715106&coo=false&rqm=GET

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 30 May 2019 20:38:35 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
103 B 8ms
8ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=513325432125369&ev=PageView&dl=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&rl=&if=false&ts=1559248715277&sw=1600&sh=1200&v=2.8.47&r=stable&a=seg&ec=1&o=30&fbp=fb.1.1559248715227.1626523020&it=1559248715106&coo=false&rqm=GET

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 30 May 2019 20:38:35 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
103 B 8ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=263753567408806&ev=PageView&dl=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&rl=&if=false&ts=1559248715282&sw=1600&sh=1200&v=2.8.47&r=stable&a=seg&ec=0&o=30&fbp=fb.1.1559248715227.1626523020&it=1559248715106&coo=false&rqm=GET

Requested by

Host: www.sqreen.com
URL: https://www.sqreen.com/checklists/saas-cto-security-checklist

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 30 May 2019 20:38:35 GMT

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame 0AA4 6 KB
3 KB 434ms
380ms XHR
application/json 13.35.253.67
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.e8bd5f6e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.67 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-67.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

fe6cee0c35d2e8b5900b4ca5f2fabc074258e0e690bcfc26da9b998182ef3664

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://www.sqreen.com
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: https://www.sqreen.com
x-cache: Miss from cloudfront
status: 200, 200 OK
strict-transport-security: max-age=31556952; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 0004q5etvq94svles7g0
x-runtime: 0.275628
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"fe6cee0c35d2e8b5900b4ca5f2fabc07"
x-ratelimit-remaining: 1909
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
via: 1.1 92ab13182d4b89ed20b3b5c10adc4f23.cloudfront.net (CloudFront)
x-intercom-version: 13cdce4a6009c9aa91f9c32a128aceb75b2e510a
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-ratelimit-reset: 1559248740
x-ratelimit-limit: 2000
access-control-allow-headers: Content-Type
x-amz-cf-id: NfZvjgBrA3YIa3gFmqFh7_M2qkswhj9cp2E_J8SA87OuI26wn3l76A==

POST
H2 200 / Show response
sumo.com/api/load/ 873 B
1 KB 576ms
190ms XHR
application/json 54.148.199.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/78.ead014270ffc1593d711.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.148.199.253 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-199-253.us-west-2.compute.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

b1c8f8bcb11c05acba0f31f1084a632aa807ef1dc6387b6a927aef887b530a6d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Origin: https://www.sqreen.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
vary: Origin, Accept-Encoding
server: nginx/1.12.1
status: 200
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.sqreen.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 873

GET
H2

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1559248715530&pid=89248&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&fmt=js&s=1
https://px.ads.linkedin.com/collect/?time=1559248715530&pid=89248&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&fmt=js&s=1&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1559248715530%26pid%3D89248%26url%3Dhttps%253A%252F%252Fwww.sqreen.com%252Fchecklists%252Fsaas-c...
https://px.ads.linkedin.com/collect/?time=1559248715530&pid=89248&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&fmt=js&s=1&cookiesTest=true&liSync=true

0
94 B

168ms
167ms

Script
application/javascript

2a05:f500:11:101::b93f:9005
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1559248715530&pid=89248&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&fmt=js&s=1&cookiesTest=true&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 20
x-li-uuid: hsscn3WQoxXgnKK4FCsAAA==

Redirect headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-efr5
content-length: 20
x-li-uuid: SxKrJnKQoxUgViulFCsAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect/?time=1559248715530&pid=89248&url=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

cb
pixel.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=mrin
https://cs.marinsm.com/mrin
https://pixel.prfct.co/cb?partnerId=mrin

43 B
399 B

435ms
102ms

Image
image/gif

34.224.253.46
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.prfct.co/cb?partnerId=mrin
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.224.253.46 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-224-253-46.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Content-Type: image/gif
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://pixel.prfct.co/cb?partnerId=mrin
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

200

adsct
analytics.twitter.com/i/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=twtr
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_CbliMJ1hcSHPJNICR

43 B
249 B

138ms
138ms

Image
image/gif

104.244.42.195
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_CbliMJ1hcSHPJNICR

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 111
pragma: no-cache
last-modified: Thu, 30 May 2019 20:38:35 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d588ffa0cab741773338649e2f4e2e4a
x-transaction: 002b0cfd00a0562d
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

Location: https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_CbliMJ1hcSHPJNICR
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

pixel
ads.yahoo.com/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=yah
https://ads.yahoo.com/pixel?id=2539961&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fnwid%3D10001073209%26eid%3Dpa_CbliMJ1hcSHPJNICR%26sigv%3D1%26esig%3D2%7Ee3330524eedfee2d9cd2489be58659a...

0
341 B

134ms
40ms

Image
text/plain

2a00:1288:110:833::4000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/pixel?id=2539961&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fnwid%3D10001073209%26eid%3Dpa_CbliMJ1hcSHPJNICR%26sigv%3D1%26esig%3D2%7Ee3330524eedfee2d9cd2489be58659a66dc97841

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:833::4000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 30 May 2019 20:38:35 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/pixel?id=2539961&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fnwid%3D10001073209%26eid%3Dpa_CbliMJ1hcSHPJNICR%26sigv%3D1%26esig%3D2%7Ee3330524eedfee2d9cd2489be58659a66dc97841
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=opx
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_CbliMJ1hcSHPJNICR
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_CbliMJ1hcSHPJNICR

43 B
256 B

30ms
30ms

Image
image/gif

173.241.240.143
OPENX TECHNOLOGIES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_CbliMJ1hcSHPJNICR
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.241.240.143 Amsterdam, Netherlands, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US),
Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
Software: OXGW/16.146.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
server: OXGW/16.146.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

status: 302
date: Thu, 30 May 2019 20:38:35 GMT
server: OXGW/16.146.0
content-length: 0
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_CbliMJ1hcSHPJNICR
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=rbcn
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_CbliMJ1hcSHPJNICR

42 B
371 B

127ms
30ms

Image
image/gif

213.19.162.90
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_CbliMJ1hcSHPJNICR
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.90 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 May 2019 20:38:35 GMT
Server: Rubicon Project
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
X-RPHost: fRChl1zBA5HZgHBoJy-6zw
Expires: 0

Redirect headers

Location: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_CbliMJ1hcSHPJNICR
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=goo
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfQ2JsaU1KMWhjU0hQSk5JQ1I
https://pixel-geo.prfct.co/cb?partnerId=goo

43 B
399 B

35ms
34ms

Image
image/gif

18.203.165.119
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/cb?partnerId=goo
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.203.165.119 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-203-165-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Content-Type: image/gif
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:35 GMT
server: HTTP server (unknown)
location: https://pixel-geo.prfct.co/cb?partnerId=goo
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 240
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
pixel-geo.prfct.co/seg/ 43 B
399 B 122ms
122ms Image
image/gif 18.203.165.119
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/seg/?add=7394124&source=js_tag&a_id=68484
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.203.165.119 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-203-165-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Content-Type: image/gif
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 tr
www.facebook.com/ 44 B
103 B 9ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=263753567408806&ev=ViewContent&cd[rtb_id]=7394124&noscript=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 30 May 2019 20:38:35 GMT

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?t=2&add=7394124
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D7394124

43 B
980 B

27ms
26ms

Image
image/gif

185.33.223.209
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D7394124

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.209 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

314.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 May 2019 20:38:37 GMT
AN-X-Request-Uuid: 5059680b-b23e-492e-9f6f-3f1342baa9f2
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 83.97.23.29; 83.97.23.29; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.105:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 May 2019 20:38:37 GMT
AN-X-Request-Uuid: 205860bd-eca6-42fb-b026-52d310da892c
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
Location: https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D7394124
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 83.97.23.29; 83.97.23.29; 314.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.9:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
269 B 143ms
142ms Script
application/javascript 104.244.42.195
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nvijn&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 114
pragma: no-cache
last-modified: Thu, 30 May 2019 20:38:35 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d588ffa0cab741773338649e2f4e2e4a
x-transaction: 00a989cb00f71b8d
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
93 B 6ms
6ms Image
image/gif 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j76&a=1332711346&t=timing&_s=2&dl=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&dp=%2Fchecklists%2Fsaas-cto-security-checklist&ul=en-us&de=UTF-8&dt=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&plt=1463&pdt=6&dns=1&rrt=0&srt=9&tcp=15&dit=902&clt=902&_gst=723&_gbt=1051&_u=aGBAgEAj~&jid=&gjid=&cid=915166736.1559248715&tid=UA-64824410-1&_gid=543669902.1559248715&z=633644606

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2019 03:35:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 7146212
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
103 B 7ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=513325432125369&ev=Microdata&dl=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&rl=&if=false&ts=1559248715732&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist.html%22%2C%22og%3Atitle%22%3A%22SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.sqreen.com%2Fimg%2FNEW%2Fshare%2Fshare-cto.jpg%22%2C%22og%3Aimage%3Atype%22%3A%22image%2Fjpeg%22%2C%22og%3Aimage%3Awidth%22%3A%221200%22%2C%22og%3Aimage%3Aheight%22%3A%22627%22%2C%22og%3Adescription%22%3A%22Learn%20how%20to%20protect%20your%20SaaS%20applications%20with%20the%20SaaS%20CTO%20security%20checklist.%20Select%20your%20startup%20stage%20and%20use%20these%20rules%20to%20improve%20your%20application%20security%2C%20infrastructure%20security%20and%20more.%22%2C%22og%3Asite_name%22%3A%22Sqreen%22%2C%22og%3Alocale%22%3A%22en_US%22%7D&cd[Meta]=%7B%22title%22%3A%22SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen%22%2C%22meta%3Adescription%22%3A%22Learn%20how%20to%20protect%20your%20SaaS%20applications%20with%20the%20SaaS%20CTO%20security%20checklist.%20Select%20your%20startup%20stage%20and%20use%20these%20rules%20to%20improve%20your%20application%20security%2C%20infrastructure%20security%20and%20more.%22%7D&cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.8.47&r=stable&a=seg&ec=2&o=30&fbp=fb.1.1559248715227.1626523020&it=1559248715106&coo=false&es=automatic&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 30 May 2019 20:38:35 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
103 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=263753567408806&ev=Microdata&dl=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&rl=&if=false&ts=1559248715784&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist.html%22%2C%22og%3Atitle%22%3A%22SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.sqreen.com%2Fimg%2FNEW%2Fshare%2Fshare-cto.jpg%22%2C%22og%3Aimage%3Atype%22%3A%22image%2Fjpeg%22%2C%22og%3Aimage%3Awidth%22%3A%221200%22%2C%22og%3Aimage%3Aheight%22%3A%22627%22%2C%22og%3Adescription%22%3A%22Learn%20how%20to%20protect%20your%20SaaS%20applications%20with%20the%20SaaS%20CTO%20security%20checklist.%20Select%20your%20startup%20stage%20and%20use%20these%20rules%20to%20improve%20your%20application%20security%2C%20infrastructure%20security%20and%20more.%22%2C%22og%3Asite_name%22%3A%22Sqreen%22%2C%22og%3Alocale%22%3A%22en_US%22%7D&cd[Meta]=%7B%22title%22%3A%22SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen%22%2C%22meta%3Adescription%22%3A%22Learn%20how%20to%20protect%20your%20SaaS%20applications%20with%20the%20SaaS%20CTO%20security%20checklist.%20Select%20your%20startup%20stage%20and%20use%20these%20rules%20to%20improve%20your%20application%20security%2C%20infrastructure%20security%20and%20more.%22%7D&cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.8.47&r=stable&a=seg&ec=1&o=30&fbp=fb.1.1559248715227.1626523020&it=1559248715106&coo=false&es=automatic&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 30 May 2019 20:38:35 GMT

OPTIONS
H2 204 services Show response
sumo.com/ 0
258 B 184ms
183ms XHR
text/plain 54.148.199.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/78.ead014270ffc1593d711.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.148.199.253 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-148-199-253.us-west-2.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://www.sqreen.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: x-sumo-auth

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
server: nginx/1.12.1
access-control-allow-origin: https://www.sqreen.com
access-control-max-age: 2592000
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
status: 204
access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type

POST
H2 200 services Show response
sumo.com/ 26 KB
5 KB 197ms
197ms XHR
application/json 54.148.199.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.148.199.253 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-199-253.us-west-2.compute.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

a43f0fcd7917f43261cf6447dd1398e59c989d521219af6217507292823353a9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Origin: https://www.sqreen.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Sumo-Auth: zr6nlhDJHDvfpbkhUOXWyBfY

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.12.1
status: 200
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://www.sqreen.com
access-control-allow-credentials: true
content-type: application/json; charset=utf-8

GET
H2 200 9.ead014270ffc1593d711.js Show response
load.sumo.com/ 97 KB
33 KB 11ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/9.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 3aac45bc63eb96ac821b0278d857dea94d54875c5aba9a0b8a83863a4de398de

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 48F4083D514C4F2D
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: +K5k/DL7ltTqyxN6PWlBkMHsoLYlZRXxXz/PV39u7BHanG8XatZeL7Rmm0Ycm8VmdUJ5M+VzMjw=
last-modified: Thu, 30 May 2019 19:24:36 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: ffea40d289045acde1936ecc56e1d79a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 6.ead014270ffc1593d711.js Show response
load.sumo.com/ 5 KB
3 KB 11ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/6.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 8a106b1424352f04311e0d87f9920a25472b7c3bcb6407d144bf1a13cf2d35d7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 6A1852698D75A772
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: PaU0HYUN8LU1j8ssTh8vXS7dndVlmxINkplr6HAkHWcAOaCtJxyW1jqVEFGZC6xLBLOZH7ngraY=
last-modified: Thu, 30 May 2019 19:24:20 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 5957a2e6ed6c2627cd40d3528712332b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 2.ead014270ffc1593d711.js Show response
load.sumo.com/ 3 KB
2 KB 11ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 9BE6887DD84836BD
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: l5MJ5nmaLbtL55G1llE0xOkzcGvHfaRD9kpS23VK/IuRh4PqBHRQDVnySlrkEFzxfN567R9gVgM=
last-modified: Thu, 30 May 2019 19:23:58 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: d115fe49b0941961f3e8f067faf3427b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 5.ead014270ffc1593d711.js Show response
load.sumo.com/ 11 KB
5 KB 11ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/5.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 22aeb8cee932e631898fd5d70be0df46020a7c74d9a992d74983d0a71950d2c1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 440CC719EB970BCA
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: reY2hLqgwrkbdhnY7+GDKMJRM7ncoReEtXjg+RF8EFzpMI+fVDo6Y+iS3wgrduVwQNGbETBQmfY=
last-modified: Thu, 30 May 2019 19:24:15 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 046bb801305f25eed9f4d049db09ce27
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 24.ead014270ffc1593d711.js Show response
load.sumo.com/ 92 KB
25 KB 11ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/24.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 778dbb09e125ec1f371890b33e7e59215c90c0f713d04278da7848784f5aa36d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: E66133E9AD74F67D
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: 0JwPBOTsT+hDQ7x/Jfmk1LQe56WJmEV1kdmLQasPha+FPpJvWxF6hAMwP8KZWuwbXHHc/6Wecz8=
last-modified: Thu, 30 May 2019 19:24:00 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 83d13935acdb67a6d4ebdd1852219054
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 25.ead014270ffc1593d711.js Show response
load.sumo.com/ 326 KB
93 KB 10ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/25.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 7f936c6d936210f1d3074419ae0309b83dff45cf4a07b1043e9afc4682da560e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: BE43EFA3FB489CC7
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: Lur5eGbSNuNIZFu9ah57KURotQqV6GSXR8165RBVNuQjBXDvKH2vcPVGer/xU7qT3+EQ8kTMGjE=
last-modified: Thu, 30 May 2019 19:24:01 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: f769d90b8d46926b8142f1374e70cf7e
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 23.ead014270ffc1593d711.js Show response
load.sumo.com/ 178 KB
51 KB 10ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 89234daa48fe35d73611023e3cdfda2f56895fdd6664df24802c2ab416b24e60

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 94A535ADEAFC8939
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: YNbvT4/uv07f3n1zx//nSmOiBXCAV5KyvKPHdF0Z65MKxnNR8EpamuwBOoGOT6mGD61Q5gMy/+k=
last-modified: Thu, 30 May 2019 19:23:59 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: d75090098007daf25a2dbd63969458a3
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 68.ead014270ffc1593d711.js Show response
load.sumo.com/ 1 KB
1 KB 10ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/68.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: e5b5a2b94aec057605c3660c462ad1affc88c7d902ee0665c045d96cd4dce2e3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 2C8957E0F414C126
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: ThAYY5XnSR6M9ZWi54s9vGYkpnF9fjSxkVI1IdgF+vIw92+YHRXf6uJWVg4nWNy7reHzVCGDa5o=
last-modified: Thu, 30 May 2019 19:24:24 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: edc96f37d37068bc2581cc7c9d7e9239
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 0.ead014270ffc1593d711.js Show response
load.sumo.com/ 5 KB
3 KB 11ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 800c7c35a963a9013c3792ab4296a663d6c05bb768254434807a9419a9f42a0a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: F9DBBB7FC6CAD975
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: puKLa4X5gx7lwmk0SRHejLHNPb6VT3Z2EipLfZ2OwnfYgEWaUwXcYeqMcgNYpJ49S4cQBcOe3G4=
last-modified: Thu, 30 May 2019 19:23:47 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: d2537851f85869272e670a67463c3d06
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 1.ead014270ffc1593d711.js Show response
load.sumo.com/ 1 KB
2 KB 11ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/1.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 8f73acea2f431f8cb870e52e70e361d58848984334cbc2853d2c9feb1d111fdc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 5BA6090A88C334BA
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: R6MH8n+rxDHX4fhfL05oNBMQ/57xvleieJsAmEE1t5E86w6jF0De8RjCb02w7NjZfMY7Kn8tQ30=
last-modified: Thu, 30 May 2019 19:23:48 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: ebee826992cc3e739c8dd49a08fd67a5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 3.ead014270ffc1593d711.js Show response
load.sumo.com/ 5 KB
2 KB 11ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/3.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 252f563b05537cd837045b9184bdf4191740afb8ea503b4e1371f064cf082354

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 32C40960FD4CABCA
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: JN4erkoXFNh8ydp/9hpQN035B4qJJaUiNJauy5kx+sNtcUNzxNMNCW2MLt5IFl65DeAbnpqkDCI=
last-modified: Thu, 30 May 2019 19:24:03 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 4d50f2b9961f140168fd09084444ff59
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 14.ead014270ffc1593d711.js Show response
load.sumo.com/ 438 KB
129 KB 11ms
10ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/14.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 86415edd037333c99ecd802c083cd1ce92cc24fb0ec1d7e29765c705acccc5ee

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 779DE371CEC706B9
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: 30svo2WfU7i53NPgnLQUqKJLYz9hSG5E0wPtXfEfueTJTck1a30vq2XMzshYnx/h1sNB+ROP8Wk=
last-modified: Thu, 30 May 2019 19:23:54 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 0d9e673fb2d106a2cff8e4485032efa8
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 18.ead014270ffc1593d711.js Show response
load.sumo.com/ 711 KB
53 KB 11ms
11ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/18.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: cd6beb3b5a5f9810edc4ffe47f0a33b9a6017e88ed176a52cf400d4c962b665c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: C72C2D9130077691
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: TPVJ/Hnb4Ea/gjd62TYY4K1n1dSOQFXCO7VHVhqzzqKxeVJdWfucwyvbhc4mcxxaMmfjRraB1Mk=
last-modified: Thu, 30 May 2019 19:23:57 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 0673acdf86f83fc21ea0ce93c3e1f643
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 107.ead014270ffc1593d711.js Show response
load.sumo.com/ 1 MB
79 KB 7ms
6ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/107.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: 06c97fc5209f9b2d2fbeeffd654ed6b230f13f1863d22d82157dfc2432f39a6e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
content-encoding: br
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 1EF71A893F6A00B0
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
x-amz-id-2: mld/JqHFrR4e2kpmId5wkxJ6rstuTECA5Aeu9aWSfny4t6fbXUBCsz6Lt5/Qrk5N3H9zG7f7X+0=
last-modified: Thu, 30 May 2019 19:23:52 GMT
server: BunnyCDN-DE1-481
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 5aea7d4cd2076eaea956ebfe7772125c
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 111.ead014270ffc1593d711.js Show response
load.sumo.com/ 219 B
790 B 9ms
8ms Script
text/javascript 2a00:f48:2000:1023::3
TTM

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/111.ead014270ffc1593d711.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software: BunnyCDN-DE1-481 /
Resource Hash: e2dc50c839bf82562e15cb36d80a37a65799905200bf02e1a7bf5ed42f1b1e07

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
cdn-edgeid: 481
cdn-cache: HIT
x-amz-request-id: 1C03DF169F58DD05
status: 200
cdn-cachedat: 2019-05-30 19:24:59
cdn-pullzone: 53731
content-length: 219
x-amz-id-2: GLi5D1lI/xmyOxWfk28f4XO7UrPGVRnv9aeXvioeKCrWCWtSHovSg8cbb8qzUh6wmtElCbyV3+U=
last-modified: Thu, 30 May 2019 19:23:53 GMT
server: BunnyCDN-DE1-481
content-type: text/javascript
access-control-allow-origin: *
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: b9caa89c8f08cf4b3f3f07a4217af4a6
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Range, X-Requested-With

GET
H2 200 css
fonts.googleapis.com/ 24 KB
1 KB 16ms
16ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/0.ead014270ffc1593d711.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

ce2dc45c0adef73039fafb13f6147ac6d4e9c27f5e2839126500fa3eef483c34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 30 May 2019 20:38:36 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 30 May 2019 20:38:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Thu, 30 May 2019 20:38:36 GMT

POST
H2 200 queue Show response
sumo.com/apps/share/facebook/ 16 B
294 B 188ms
188ms XHR
application/json 54.148.199.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/apps/share/facebook/queue

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/78.ead014270ffc1593d711.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.148.199.253 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-199-253.us-west-2.compute.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Origin: https://www.sqreen.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
vary: Origin, Accept-Encoding
server: nginx/1.12.1
status: 200
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://www.sqreen.com
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 16

POST
H2 200 queue Show response
sumo.com/apps/share/facebook/ 16 B
294 B 188ms
187ms XHR
application/json 54.148.199.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/apps/share/facebook/queue

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/78.ead014270ffc1593d711.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.148.199.253 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-199-253.us-west-2.compute.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Origin: https://www.sqreen.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
vary: Origin, Accept-Encoding
server: nginx/1.12.1
status: 200
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://www.sqreen.com
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 16

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c40f13cd1c3c7338bab7aa23cd5d7b197c79a9cd96ccca801f8937767f67642

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c36eb9f49a231993fa4ead31474f6ba49fbba5b2b8630a6d0abb64b3740226c1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13e9741d8619b07a7e0779171ec4a35d0ee8dad0592a65088f9d3f31af274d43

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ 24 KB
1 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/0.ead014270ffc1593d711.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

ce2dc45c0adef73039fafb13f6147ac6d4e9c27f5e2839126500fa3eef483c34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 30 May 2019 20:38:36 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 30 May 2019 20:38:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Thu, 30 May 2019 20:38:36 GMT

OPTIONS
H2 204 features Show response
sumo.com/api/site/0192db87363591a2d11e3ab3e0366ec2da806a510963217183f98874951131e1/ 0
258 B 184ms
183ms XHR
text/plain 54.148.199.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/0192db87363591a2d11e3ab3e0366ec2da806a510963217183f98874951131e1/features?site_id=0192db87363591a2d11e3ab3e0366ec2da806a510963217183f98874951131e1
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/78.ead014270ffc1593d711.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.148.199.253 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-148-199-253.us-west-2.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: GET
Origin: https://www.sqreen.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: x-sumo-auth

Response headers

date: Thu, 30 May 2019 20:38:36 GMT
server: nginx/1.12.1
access-control-allow-origin: https://www.sqreen.com
access-control-max-age: 2592000
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
status: 204
access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type

GET
H2 200 features Show response
sumo.com/api/site/0192db87363591a2d11e3ab3e0366ec2da806a510963217183f98874951131e1/ 3 KB
1 KB 191ms
191ms XHR
application/json 54.148.199.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/0192db87363591a2d11e3ab3e0366ec2da806a510963217183f98874951131e1/features?site_id=0192db87363591a2d11e3ab3e0366ec2da806a510963217183f98874951131e1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.148.199.253 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-199-253.us-west-2.compute.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

cef0427b6e047c2ad3394c51530c795a835df54637602c4d1768cb49758f62e9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Origin: https://www.sqreen.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Sumo-Auth: undefined

Response headers

date: Thu, 30 May 2019 20:38:37 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.12.1
status: 200
etag: "-1421097924"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.sqreen.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

POST
H2 200 match Show response
api-iam.intercom.io/messenger/web/messages/258202921/ Frame 0AA4 2 KB
2 KB 436ms
436ms XHR
application/json 13.35.253.67
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/messages/258202921/match

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.e8bd5f6e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.35.253.67 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-35-253-67.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

11413969f2943a8fecc5aa2f2a8a31a8924866d806a8518d2d2ad4d30b5817c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://www.sqreen.com
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 May 2019 20:38:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: https://www.sqreen.com
x-cache: Miss from cloudfront
status: 200, 200 OK
strict-transport-security: max-age=31556952; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 0007gtbeueat24cpia50
x-runtime: 0.332402
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"11413969f2943a8fecc5aa2f2a8a31a8"
x-ratelimit-remaining: 1896
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
via: 1.1 92ab13182d4b89ed20b3b5c10adc4f23.cloudfront.net (CloudFront)
x-intercom-version: 13cdce4a6009c9aa91f9c32a128aceb75b2e510a
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-ratelimit-reset: 1559248740
x-ratelimit-limit: 2000
access-control-allow-headers: Content-Type
x-amz-cf-id: praHN7kalyMIhfSv5R5hQSLNHywop7DH3sQRrziPBN9oe2TRW81aEw==

GET
H2 200 vendors~banner~message~messenger.3e7e9afd.js Show response
js.intercomcdn.com/ Frame 0AA4 39 KB
11 KB 17ms
16ms Script
application/javascript 13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/vendors~banner~message~messenger.3e7e9afd.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.e8bd5f6e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 033ffcb3e47f80e40ebac91a0ccbc93423c498f5ce9e26c00aac806aa04568c2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:12:36 GMT
content-encoding: gzip
etag: "794ebdcb6f1ec79bd9b4d531834cbdee"
last-modified: Thu, 30 May 2019 18:05:58 GMT
server: AmazonS3
age: 1638
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
content-length: 10750
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-amz-cf-id: -mPzsdhv_7vGM10yKATes6XNEDYaLn2nxrSD7yXyCtRMzRMFPbc9PQ==

GET
H2 200 vendors~message.0f615ad2.js Show response
js.intercomcdn.com/ Frame 0AA4 30 KB
9 KB 18ms
17ms Script
application/javascript 13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/vendors~message.0f615ad2.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.e8bd5f6e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: aba564e0fb81ce1f72d26601308782d89936878d5b1c2ac96e8f124f5e5e5277

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:12:45 GMT
content-encoding: gzip
etag: "f19fae493007c91ba7db409586239312"
last-modified: Thu, 30 May 2019 18:05:58 GMT
server: AmazonS3
age: 1638
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
content-length: 8420
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-amz-cf-id: FK8TKHdRWA48ZxgbTjtoGubAZaCR10pvCqwpsj68oCsxDMSMLzaxbA==

GET
H2 200 banner~message~messenger.c0a6cba2.js Show response
js.intercomcdn.com/ Frame 0AA4 102 KB
22 KB 18ms
18ms Script
application/javascript 13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/banner~message~messenger.c0a6cba2.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.e8bd5f6e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 226d0825ec62b1a98055daf30489943a5b54179d3a0ef47882c3f8a37b145cfc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:12:36 GMT
content-encoding: gzip
etag: "847fcc0e3b6b048e92370544f7da77b7"
last-modified: Thu, 30 May 2019 18:05:58 GMT
server: AmazonS3
age: 1638
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
content-length: 22566
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-amz-cf-id: zHhLgrIfSURX7iMC2dprRMUz62NTZiSQIx2wtYppDHg8NctNB2bPHA==

GET
H2 200 message~messenger.1f68a35a.js Show response
js.intercomcdn.com/ Frame 0AA4 179 KB
40 KB 18ms
18ms Script
application/javascript 13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/message~messenger.1f68a35a.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.e8bd5f6e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 756bdb2eeb09d9cb19a4073df387cc2d68943bdf5fffc36c3dc9461688568159

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:12:36 GMT
content-encoding: gzip
etag: "45514a552b5c08a36e495663dd5f6fe7"
last-modified: Thu, 30 May 2019 18:05:58 GMT
server: AmazonS3
age: 1638
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
content-length: 40997
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-amz-cf-id: okM8V3wVGh3CmTBxoGEI1HZnuTr7C21jDMuVlIDG73U9m9Sk3vdTnA==

GET
H2 200 message.b0440312.js Show response
js.intercomcdn.com/ Frame 0AA4 98 KB
25 KB 20ms
20ms Script
application/javascript 13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/message.b0440312.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.e8bd5f6e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6c03c721a03f40a96d348ba4b6c4d051cd8611167d9b0c709d431b4327eef503

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:12:45 GMT
content-encoding: gzip
etag: "d9072461b08443adde412de99d858730"
last-modified: Thu, 30 May 2019 18:05:58 GMT
server: AmazonS3
age: 1638
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
content-length: 24810
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-amz-cf-id: _ESEgRpfL2s8pqK3t_2AUoDLzam5AvuDR4ZFh-iqMoLliho51E0bAw==

GET
H2 200 stylesheet.3d708ba0.js Show response
js.intercomcdn.com/ Frame 0AA4 274 KB
34 KB 19ms
18ms Script
application/javascript 13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/stylesheet.3d708ba0.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.e8bd5f6e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5773f29f9ec0dada3e69e5e7df93ba62a8d32dfdb9685f9facd6c1dc454c36b6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 20:11:48 GMT
content-encoding: gzip
etag: "c747d35f61c1f68b465dde69470dedc9"
last-modified: Thu, 30 May 2019 18:05:58 GMT
server: AmazonS3
age: 1639
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
content-length: 34488
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
x-amz-cf-id: Z4BGWFCGFftSTvy3wqc6nsrDLCbVwJlQvkjWa0czOHOycnrlG9fcdA==

GET
H2 200 proximanova-regular.a7942249.woff
js.intercomcdn.com/fonts/ Frame 0C72 28 KB
29 KB 62ms
18ms Font
application/font-woff 13.35.253.116
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.116 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-116.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ad1e595d26035487333f48604244ddab94b13bec3e2f4545f13d8dd8a3ecba20

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/checklists/saas-cto-security-checklist
Origin: https://www.sqreen.com

Response headers

date: Thu, 30 May 2019 13:10:26 GMT
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
age: 222
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
access-control-max-age: 3000
content-length: 28960
last-modified: Wed, 29 May 2019 23:50:59 GMT
server: AmazonS3
etag: "a7942249ca925ef356c0f2b1dab17ef3"
vary: Origin
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: nXNZFTXmfwp5fWCsYqaYbNvYAkyWSwlCXKlXJKTQlgXkk-zgXF8Onw==

GET
H2 200 collect
www.google-analytics.com/ 35 B
93 B 7ms
5ms Image
image/gif 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j76&a=1332711346&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.sqreen.com%2Fchecklists%2Fsaas-cto-security-checklist&dp=%2Fchecklists%2Fsaas-cto-security-checklist&ul=en-us&de=UTF-8&dt=SaaS%20CTO%20Security%20Checklist%20%7C%20Sqreen&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Intercom%20Messenger&ea=Triggered%20Message&el=Custom%20Bot%20ID%3A%20%27258202921%27&_u=aHBAgEAj~&jid=399199685&gjid=1045563793&cid=915166736.1559248715&tid=UA-64824410-1&_gid=543669902.1559248715&z=1745729310

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2019 03:35:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 7146218
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j76&tid=UA-64824410-1&cid=915166736.1559248715&jid=399199685&gjid=1045563793&_gid=543669902.1559248715&_u=aHBAgEAj~&z=1160326974
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=399199685&_v=j76&z=1160326974
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=399199685&_v=j76&z=1160326974&slf_rd=1&random=1602682795

42 B
109 B

18ms
18ms

Image
image/gif

2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=399199685&_v=j76&z=1160326974&slf_rd=1&random=1602682795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:41 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 May 2019 20:38:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-64824410-1&cid=915166736.1559248715&jid=399199685&_v=j76&z=1160326974&slf_rd=1&random=1602682795
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dismiss.249568e7.png
js.intercomcdn.com/images/ Frame D2E4 124 B
497 B 234ms
234ms Image
image/png 13.35.253.11
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js.intercomcdn.com/images/dismiss.249568e7.png
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/message~messenger.1f68a35a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.11 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-11.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3878bc01fed86222528eaaad9dd98fac94e82c88e7d8bf6e5e3750db93f6caa3

Request headers

Referer: https://www.sqreen.com/checklists/saas-cto-security-checklist
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 May 2019 19:53:04 GMT
via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
etag: "249568e72cec7bca9d1887e46abe4f74"
last-modified: Fri, 09 Nov 2018 19:23:26 GMT
server: AmazonS3
age: 2738
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
content-length: 124
x-amz-cf-id: Q0PjAT77AjphkyhUz7rRLtMkImeagmtKOScd1SlX-DG6qbvU7IbImg==

GET
H2 200 proximanova-semibold.46e3f047.woff
js.intercomcdn.com/fonts/ Frame D2E4 28 KB
29 KB 22ms
21ms Font
application/font-woff 13.35.253.116
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/message~messenger.1f68a35a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.116 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-116.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a4f797cc141bbd16a3341cf3f4f482f0ecd00e14c206cbd2f77c5ca7bc9e704

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/checklists/saas-cto-security-checklist
Origin: https://www.sqreen.com

Response headers

date: Mon, 27 May 2019 06:17:24 GMT
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
age: 222
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
access-control-max-age: 3000
content-length: 28732
last-modified: Fri, 24 May 2019 21:09:44 GMT
server: AmazonS3
etag: "46e3f047b6d568624167376a87e01ebd"
vary: Origin
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: UsafReoulhVT3jLZ1d7uMi_jgWMMoskxxzQfIQ36PLNXZ7OT9vH3kw==

GET
H2 200 proximanova-regular.a7942249.woff
js.intercomcdn.com/fonts/ Frame D2E4 28 KB
29 KB 28ms
28ms Font
application/font-woff 13.35.253.116
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/message~messenger.1f68a35a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.116 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-116.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ad1e595d26035487333f48604244ddab94b13bec3e2f4545f13d8dd8a3ecba20

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.sqreen.com/checklists/saas-cto-security-checklist
Origin: https://www.sqreen.com

Response headers

date: Thu, 30 May 2019 13:10:26 GMT
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
age: 222
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
access-control-max-age: 3000
content-length: 28960
last-modified: Wed, 29 May 2019 23:50:59 GMT
server: AmazonS3
etag: "a7942249ca925ef356c0f2b1dab17ef3"
vary: Origin
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: rXZ7dzYvz60hhe4akR39i71NhAwD-TfPJrXd-zIDDimebyBefMv2gw==

GET
H2 200 custom_avatar-1537460127.png
static.intercomassets.com/avatars/772520/square_128/ Frame D2E4 6 KB
7 KB 73ms
15ms Image
image/png 13.35.253.60
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.intercomassets.com/avatars/772520/square_128/custom_avatar-1537460127.png?1537460127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.60 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5161deea54291d3ea395e84397cac9ec2c6a36ef830be19c7b82eb900984385d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 11 May 2019 10:05:39 GMT
via: 1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
last-modified: Thu, 20 Sep 2018 16:15:28 GMT
server: AmazonS3
age: 27810
etag: "fc2f1b4bc2539377610543a2ca177eaf"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=86400
accept-ranges: bytes
content-length: 6451
x-amz-cf-id: AWdXBR5RIJbwzSndP7pBweemdt2IBYYeYepGWCyWMXXhUgHYa3su9w==

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sqreen.com/	1970-01-19 03:17:04	Name: _fbp Value: fb.1.1559248715227.1626523020
.sqreen.com/	1970-01-19 18:38:40	Name: _ga Value: GA1.2.915166736.1559248715
.sqreen.com/	1970-01-19 18:38:40	Name: _hp2_id.3784968534 Value: %7B%22userId%22%3A%228646310629341304%22%2C%22pageviewId%22%3A%224267271048382316%22%2C%22sessionId%22%3A%227997357880949237%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.sqreen.com/	1970-01-19 09:53:04	Name: ajs_group_id Value: null
www.sqreen.com/	1970-01-19 18:38:40	Name: _drip_client_4774553 Value: vid%253D6b6f2870022f4c7a9349d67c47fc70fc%2526pageViews%253D1%2526sessionPageCount%253D1%2526lastVisitedAt%253D1559248715475%2526weeklySessionCount%253D1%2526lastSessionAt%253D1559248715475
.sqreen.com/	1970-01-19 01:07:28	Name: _gat Value: 1
.sqreen.com/	1970-01-19 01:08:55	Name: _gid Value: GA1.2.543669902.1559248715
.sqreen.com/	1970-01-19 09:53:04	Name: ajs_user_id Value: null
.sqreen.com/	1970-01-19 01:07:30	Name: _hp2_ses_props.3784968534 Value: %7B%22ts%22%3A1559248715074%2C%22d%22%3A%22www.sqreen.com%22%2C%22h%22%3A%22%2Fchecklists%2Fsaas-cto-security-checklist%22%7D
.sqreen.com/	1970-01-19 09:53:04	Name: ajs_anonymous_id Value: %22182ea1f2-269a-4ac2-ba4b-bb8afaf60fc1%22
www.sqreen.com/checklists	1970-01-19 01:50:40	Name: __smVID Value: b22478c65b8f7b9bb44bfabb7e774323eae1aa4155825182541d73d623fb0a44

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://load.sumo.com/78.ead014270ffc1593d711.js(Line 19) Message: Query variable %s not found
console-api	log	URL: https://load.sumo.com/78.ead014270ffc1593d711.js(Line 1) Message: install sumo badge...
console-api	log	URL: https://load.sumo.com/78.ead014270ffc1593d711.js(Line 19) Message: Query variable %s not found
console-api	info	URL: https://load.sumo.com/78.ead014270ffc1593d711.js(Line 1) Message: CREATING SANDBOX FOR services/index/#services/index
console-api	info	URL: https://load.sumo.com/78.ead014270ffc1593d711.js(Line 1) Message: CREATING SANDBOX FOR 156085c5-0017-4150-b225-a731ad248f38/service/#156085c5-0017-4150-b225-a731ad248f38/service
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: rendering share...
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: rendering for desktop...
console-api	log	URL: https://load.sumo.com/14.ead014270ffc1593d711.js(Line 1) Message: style buffer update...
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: buffer
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: facebook
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: facebooklike
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: googleplus
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: linkedin
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: pinterest
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: reddit
console-api	log	URL: https://load.sumo.com/18.ead014270ffc1593d711.js(Line 1) Message: yummly

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.yahoo.com
analytics.twitter.com
api-iam.intercom.io
api.getdrip.com
api.producthunt.com
api.segment.io
assets.sqreen.com
cdn.heapanalytics.com
cdn.segment.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
cs.marinsm.com
d33wubrfki0l68.cloudfront.net
fonts.googleapis.com
fullstory.com
googleads.g.doubleclick.net
heapanalytics.com
js.intercomcdn.com
load.sumo.com
pixel-geo.prfct.co
pixel.prfct.co
pixel.rubiconproject.com
px.ads.linkedin.com
reports-api.sqreen.com
rs.fullstory.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.intercomassets.com
stats.g.doubleclick.net
sumo.com
t.co
tag.getdrip.com
tag.perfectaudience.com
us-u.openx.net
widget.intercom.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.sqreen.com
104.244.42.195
104.244.42.5
13.35.253.11
13.35.253.116
13.35.253.118
13.35.253.127
13.35.253.23
13.35.253.27
13.35.253.60
13.35.253.67
13.35.254.25
13.35.255.17
151.101.2.217
151.101.36.157
172.217.16.194
173.241.240.143
18.203.165.119
18.203.78.160
185.33.223.209
2001:4860:4802:32::15
205.185.208.52
213.19.162.90
216.58.206.2
2606:4700::6812:e753
2606:4700::6813:c697
2a00:1288:110:833::4000
2a00:1450:4001:814::200e
2a00:1450:4001:819::200a
2a00:1450:4001:81b::2002
2a00:1450:4001:81d::2004
2a00:1450:4001:81e::2003
2a00:1450:4001:81f::2008
2a00:1450:400c:c06::9d
2a00:f48:2000:1023::3
2a02:26f0:6c00:28c::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a03:b0c0:3:d0::d19:7001
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
3.210.113.103
34.224.253.46
35.186.194.58
52.5.43.50
52.89.222.195
54.148.199.253
99.86.0.85
033ffcb3e47f80e40ebac91a0ccbc93423c498f5ce9e26c00aac806aa04568c2
06c97fc5209f9b2d2fbeeffd654ed6b230f13f1863d22d82157dfc2432f39a6e
06d38da8ea4edf750c8fb4f749f5b71a6dba952fd924a55771c0ccc213339eab
080bd454a720acfee846ed5ca61c16079e819386234c4c37d79ddb3e50387124
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11413969f2943a8fecc5aa2f2a8a31a8924866d806a8518d2d2ad4d30b5817c0
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
13e9741d8619b07a7e0779171ec4a35d0ee8dad0592a65088f9d3f31af274d43
201e76e12be19deaa5fa7bf5c1057b38ab1c707361c7c3afb0699b17a58268cd
226d0825ec62b1a98055daf30489943a5b54179d3a0ef47882c3f8a37b145cfc
22aeb8cee932e631898fd5d70be0df46020a7c74d9a992d74983d0a71950d2c1
252f563b05537cd837045b9184bdf4191740afb8ea503b4e1371f064cf082354
2af5ac856905489a8fdff13e98ef0ba74683f3e6ef24692bb372409115bcc863
2b972c0a9e9a2c94bb689fa663bf268ca6d703fe33e967a24d73fd16fa2818b7
306d4d57ca77621de5c58085840d025e0464235c45b4615758d7539a14f01d2c
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
3878bc01fed86222528eaaad9dd98fac94e82c88e7d8bf6e5e3750db93f6caa3
3a4cb9952361603bb0e1d4ed1fa061cf2a8d95d2ca8b98dec0a4869db0b2e2ea
3aac45bc63eb96ac821b0278d857dea94d54875c5aba9a0b8a83863a4de398de
3ba84ba04a8963559da5488d4bc05c347c6be5e3a093dc77efbb34619d0239b0
3d575ae8f1a75f096790ef37ed1a23da89b6e027eb1caccb8fa839a9c1d46b93
45ce5914131712abde6f6295aab763fbb880857f14a43e77f64ebeac374f5145
4976bdfa792eaeec191f6b9a88beb27c2d7a15c2c2670fab634eed012f4567e0
4a320c52c63a44c676ba2c6d00c5ab74fc031b16d768c1933cbfd27c20c2b4c4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c6d2f0360d0cc9c7ba34f26b2d05e80a72cb944b53460587bf00ddb82ef89ba
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f1e04c8dc819624310c7e775bd87ab978ff984addc3ffbccb89f63a255de002
4fa051988de64ab5a747873766694b77fe5a73abf8ae76a61540f6c35e4bed91
5161deea54291d3ea395e84397cac9ec2c6a36ef830be19c7b82eb900984385d
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
5773f29f9ec0dada3e69e5e7df93ba62a8d32dfdb9685f9facd6c1dc454c36b6
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
5e7cc919d6aad76a106d34dfa95d2b87d6cd925eb8e19fcfbc98a7c79e4b3ed9
6c03c721a03f40a96d348ba4b6c4d051cd8611167d9b0c709d431b4327eef503
756bdb2eeb09d9cb19a4073df387cc2d68943bdf5fffc36c3dc9461688568159
778dbb09e125ec1f371890b33e7e59215c90c0f713d04278da7848784f5aa36d
788c8ad823f8510d4f447d4dacb5ff3f7df8b751eec34d04740a6490f3d3003c
7dcf4dbd2ec98aac130fc6028affd9c50e57653e5222bfadaa2d4a49979c7405
7f936c6d936210f1d3074419ae0309b83dff45cf4a07b1043e9afc4682da560e
800c7c35a963a9013c3792ab4296a663d6c05bb768254434807a9419a9f42a0a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86415edd037333c99ecd802c083cd1ce92cc24fb0ec1d7e29765c705acccc5ee
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
88d8f5940f276e396e399cf7e1dd1832933e8e6fddc9cf9f3ea938f3d299581f
89234daa48fe35d73611023e3cdfda2f56895fdd6664df24802c2ab416b24e60
8a106b1424352f04311e0d87f9920a25472b7c3bcb6407d144bf1a13cf2d35d7
8f73acea2f431f8cb870e52e70e361d58848984334cbc2853d2c9feb1d111fdc
8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
921349a9979962b0a95cf858c2dcc0dcdafea0609e01f078c1b93f8ed1e6d7fd
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
941646615b49ab10baa636da830645f2b25c4e1843c8dfdb319a2c9ac898e453
96d5170836c948a74d16789c6e3518fd913e8b36fa804ae6207241807524803e
977cd119e7e8c9816b0b18c901cb08a48e1d5c4a7c4a63ba524640d1c1156f1f
99f98dbdc42cfe095ad06ce2a2a676106205dc4f4ee64b04c759de608a55abfe
9a4f797cc141bbd16a3341cf3f4f482f0ecd00e14c206cbd2f77c5ca7bc9e704
9c40f13cd1c3c7338bab7aa23cd5d7b197c79a9cd96ccca801f8937767f67642
9c66db1dd04369b5fb796cfbb3581c58aff30816ba38bbd81b605d7d6a567358
9faa87a9ba61d47fe53ddb764f13f9e65111a9b41dd23c6028ce11f07f13a48a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a275a2b875378f8727cf0910679f171c73982c569101b03f77a88df16facb338
a43f0fcd7917f43261cf6447dd1398e59c989d521219af6217507292823353a9
a81000491efd155e13581c1d0bdb55cdea871d028fac637a6a15758eeb60187e
ab7239ac20ad779edc8d40e2fcd90b4b4d3b6568f9a2f4df38cab9632c3a933d
aba564e0fb81ce1f72d26601308782d89936878d5b1c2ac96e8f124f5e5e5277
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad1e595d26035487333f48604244ddab94b13bec3e2f4545f13d8dd8a3ecba20
b1c8f8bcb11c05acba0f31f1084a632aa807ef1dc6387b6a927aef887b530a6d
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
bebbe9bc343df004372f29e4189b79f76cf1b38ad3e2d37df9ca05c36dc43d98
c00e3b7618941f3f60f6064cf70a06b03bb3ce9932a271acf6e51dfcf9eae3ad
c307f9d7dd63c2288f9b40b4f940f36de97d426f2571d0cac84e38de653ed707
c36eb9f49a231993fa4ead31474f6ba49fbba5b2b8630a6d0abb64b3740226c1
c67fbd71a2ad22aa4ca690c817658a287abfd85a12030f0f436e8072b1b9c7ce
c7a26afa5331a4f7e0f5ef7d02a6162fcc9eb9f9e8a3364ec2f9b4eb4007c767
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
cd6beb3b5a5f9810edc4ffe47f0a33b9a6017e88ed176a52cf400d4c962b665c
cde17d7478c6077fbdc7d7ed33accf2c0d9c4c2a9fac98e09e3883a1262dc9ee
ce2dc45c0adef73039fafb13f6147ac6d4e9c27f5e2839126500fa3eef483c34
cef0427b6e047c2ad3394c51530c795a835df54637602c4d1768cb49758f62e9
d53035e1fdb22e81ef3b55ee42294b0bba342aa8351678029783c83219aa8b28
d5c416aad5a93ec52210006b33c49fd56518f38daa131352ab96f70bfbbdd4df
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e2dc50c839bf82562e15cb36d80a37a65799905200bf02e1a7bf5ed42f1b1e07
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5b5a2b94aec057605c3660c462ad1affc88c7d902ee0665c045d96cd4dce2e3
e5b6d6d4ccf96f50e9aa6ba5d235888cb7e82f309f89d86925b4ca0cf5678e42
e714a123414245ff10cf0c0e4d2301965cd12643c56659c5534e8cc851251478
e986032f29885a46b943e3ff7042c79c8c8ac09f5c70bdfdf28cae4229c05730
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1e6382aa070301007ee92dbaaef83c9f6075f9d86ee3632c82a609f02c6fc1f
f2822d60f9ebd42bf712d5417a8fc4d846afd7f26a3a6afb5838698deeaf2b2a
f848b5614a9f5b0329cd4f846301d8e32d55c69d10aced4fe14fe35aaea548f8
fa59b1ed1b011e084474ad818b5f6986d84fc678e2f37fee9330eb52d86860b3
fe483eb76cd8a58d6c9302816a048a03e7aeb04828a7bb73850b3831f694c42f
fe6cee0c35d2e8b5900b4ca5f2fabc074258e0e690bcfc26da9b998182ef3664

www.sqreen.com Open in urlscan Pro 2a03:b0c0:3:d0::d19:7001 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

117 Requests

100 %HTTPS

38 %IPv6

35 Domains

46 Subdomains

43 IPs

7 Countries

2142 kBTransfer

8545 kBSize

11 Cookies

107 Outgoing links

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.sqreen.com Open in urlscan Pro
2a03:b0c0:3:d0::d19:7001 Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

100 %
HTTPS

38 %
IPv6

35
Domains

46
Subdomains

43
IPs

7
Countries

2142 kB
Transfer

8545 kB
Size

11
Cookies

117 HTTP transactions
3 data transactions