charles-academy-2.hello-charles.com Open in urlscan Pro
2606:4700:10::ac43:cd3  Public Scan

Submitted URL: https://charles-academy-2.hello-charles.com/
Effective URL: https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations
Submission: On January 12 via api from US — Scanned from US

Summary

This website contacted 7 IPs in 1 countries across 5 domains to perform 22 HTTP transactions. The main IP is 2606:4700:10::ac43:cd3, located in United States and belongs to CLOUDFLARENET, US. The main domain is charles-academy-2.hello-charles.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 9th 2023. Valid for: a year.
This is the only time charles-academy-2.hello-charles.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
3 2a04:4e42::622 54113 (FASTLY)
2 2607:f8b0:400... 15169 (GOOGLE)
1 108.159.227.64 16509 (AMAZON-02)
1 44.209.255.147 14618 (AMAZON-AES)
22 7
Apex Domain
Subdomains
Transfer
12 hello-charles.com
charles-academy-2.hello-charles.com
cdn.hello-charles.com — Cisco Umbrella Rank: 268547
3 MB
3 appcues.com
fast.appcues.com — Cisco Umbrella Rank: 15411
135 KB
2 heapanalytics.com
cdn.heapanalytics.com — Cisco Umbrella Rank: 5941
heapanalytics.com — Cisco Umbrella Rank: 4932
38 KB
2 gstatic.com
www.gstatic.com
18 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 115
931 B
22 5
Domain Requested by
10 charles-academy-2.hello-charles.com charles-academy-2.hello-charles.com
3 fast.appcues.com charles-academy-2.hello-charles.com
fast.appcues.com
2 cdn.hello-charles.com charles-academy-2.hello-charles.com
2 www.gstatic.com charles-academy-2.hello-charles.com
1 heapanalytics.com
1 cdn.heapanalytics.com charles-academy-2.hello-charles.com
1 fonts.googleapis.com charles-academy-2.hello-charles.com
22 7

This site contains links to these domains. Also see Links.

Domain
oauth.prod.charlesidentity.com
Subject Issuer Validity Valid
hello-charles.com
Cloudflare Inc ECC CA-3
2023-10-09 -
2024-10-08
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
fast.appcues.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3
2023-08-05 -
2024-09-05
a year crt.sh
*.gstatic.com
GTS CA 1C3
2023-11-20 -
2024-02-12
3 months crt.sh
cdn.heapanalytics.com
Amazon RSA 2048 M01
2023-06-29 -
2024-07-27
a year crt.sh
heapanalytics.com
Amazon RSA 2048 M02
2023-11-09 -
2024-12-08
a year crt.sh

This page contains 1 frames:

Primary Page: https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations
Frame ID: 417B1572EEE1469A412D3584E676B139
Requests: 23 HTTP requests in this frame

Screenshot

Page Title

Charles Universe

Page URL History Show full URLs

  1. https://charles-academy-2.hello-charles.com/ Page URL
  2. https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /firebasejs/([\d.]+)/firebase

Overall confidence: 100%
Detected patterns
  • heap-\d+\.js

Page Statistics

22
Requests

91 %
HTTPS

67 %
IPv6

5
Domains

7
Subdomains

7
IPs

1
Countries

2825 kB
Transfer

12485 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://charles-academy-2.hello-charles.com/ Page URL
  2. https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
charles-academy-2.hello-charles.com/
10 KB
5 KB
Document
General
Full URL
https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06292675ba177b5184addb0ddf5f6b32662748d95e4c66b72467e83acf38237f
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-da87c7eb4070ca490a906be879d5d083' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-da87c7eb4070ca490a906be879d5d083' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
84463a885ef818f6-EWR
content-encoding
gzip
content-security-policy
default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-da87c7eb4070ca490a906be879d5d083' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-da87c7eb4070ca490a906be879d5d083' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
content-type
text/html
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 14:53:22 GMT
expect-ct
max-age=0
expires
0
last-modified
Tue, 09 Jan 2024 17:06:13 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=0; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
8c4fbeea-0585-4e32-b59f-6510e5dba224
x-xss-protection
0
css2
fonts.googleapis.com/
3 KB
931 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Karla:ital,wght@0,400;0,700;1,400;1,700&display=swap
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c65d97091b3775acbfbbd978d5b6b73100d3ef2bad63d052a74ce4713fc696bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 12 Jan 2024 14:53:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 12 Jan 2024 14:43:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 12 Jan 2024 14:53:22 GMT
130785.js
fast.appcues.com/
22 KB
6 KB
Script
General
Full URL
https://fast.appcues.com/130785.js
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cowboy /
Resource Hash
b3f35dd906c0ea000a00a099de112772b727b992fa4030ea57db9c0b91657c51

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:22 GMT
content-encoding
gzip
via
1.1 varnish
age
0
x-cache
MISS
content-length
5290
x-request-id
F6mhOaEGBdtAmv4wPwkB
x-served-by
cache-lga21921-LGA
server
Cowboy
x-timer
S1705071203.785357,VS0,VE82
vary
accept-encoding, Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=120,public
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Authorization
x-cache-hits
0
vendor.44590fa3.js
charles-academy-2.hello-charles.com/js/
4 MB
1 MB
Script
General
Full URL
https://charles-academy-2.hello-charles.com/js/vendor.44590fa3.js
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fab06131b52ef5e32baca3e0c703968202a5528a5eefa79ce59779a53a304108
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-85685b589727f56f15333b8de93b9048' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-85685b589727f56f15333b8de93b9048' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:23 GMT
content-security-policy
default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-85685b589727f56f15333b8de93b9048' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-85685b589727f56f15333b8de93b9048' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 google
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
9fd50410-0345-4024-a669-932af472a6b9
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 09 Jan 2024 17:06:13 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
"4005ad-iuqH735ZzeiMATP/revM7LO2fMI"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-download-options
noopen
cache-control
public, max-age=31536000
cf-ray
84463a8a088b18f6-EWR
charles.2ef9fd67.js
charles-academy-2.hello-charles.com/js/
1 MB
241 KB
Script
General
Full URL
https://charles-academy-2.hello-charles.com/js/charles.2ef9fd67.js
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b363a854a81f6a6a2d9a9b3aeba4d234486610b6f60ac916ce527d858626a789
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-300411c8c0ac27e05f95b5529f4cf8e0' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-300411c8c0ac27e05f95b5529f4cf8e0' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:23 GMT
content-security-policy
default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-300411c8c0ac27e05f95b5529f4cf8e0' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-300411c8c0ac27e05f95b5529f4cf8e0' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 google
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
d468706e-2075-4fe4-b5f9-481080a65117
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 09 Jan 2024 17:06:13 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
"135555-kR60/hB3QzsJ7bwHrHHzE15Umi4"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-download-options
noopen
cache-control
public, max-age=31536000
cf-ray
84463a8a088f18f6-EWR
app.d8bc5987.js
charles-academy-2.hello-charles.com/js/
3 MB
739 KB
Script
General
Full URL
https://charles-academy-2.hello-charles.com/js/app.d8bc5987.js
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62b547b07a6487388ee070a52ea917706f87ac926689cb80ec664d4f09a989d8
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-637d38055d91ea3bfdbdea27526539c2' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-637d38055d91ea3bfdbdea27526539c2' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:23 GMT
content-security-policy
default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-637d38055d91ea3bfdbdea27526539c2' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-637d38055d91ea3bfdbdea27526539c2' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 google
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
256b3218-275a-46e6-ae8d-c31cd56c1da2
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 09 Jan 2024 17:06:13 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
"2eeb5d-JGv92obdIxID7gA0zs/hXUM3FOc"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-download-options
noopen
cache-control
public, max-age=31536000
cf-ray
84463a8a089118f6-EWR
app.8dd2b508.css
charles-academy-2.hello-charles.com/css/
562 KB
105 KB
Stylesheet
General
Full URL
https://charles-academy-2.hello-charles.com/css/app.8dd2b508.css
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51d07edb107b50d9f4cdb8923f32b21bdaf82200c3733c74de1683e0523ad7f5
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-5cf91846b6dd67547ef76426e7863a09' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-5cf91846b6dd67547ef76426e7863a09' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:22 GMT
content-security-policy
default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-5cf91846b6dd67547ef76426e7863a09' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-5cf91846b6dd67547ef76426e7863a09' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 google
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
bea290a7-0450-4fa1-a682-f0c6386dab86
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 09 Jan 2024 17:06:13 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
"8c655-xqz+Jzc8lVW6F8hVX7kOXzo5Ork"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-download-options
noopen
cache-control
public, max-age=31536000
cf-ray
84463a894fcc18f6-EWR
firebase-app.js
www.gstatic.com/firebasejs/8.4.1/
21 KB
7 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/8.4.1/firebase-app.js
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 04:39:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
123217
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6763
x-xss-protection
0
last-modified
Tue, 13 Apr 2021 06:56:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 10 Jan 2025 04:39:45 GMT
firebase-messaging.js
www.gstatic.com/firebasejs/8.4.1/
40 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 10 Jan 2024 08:50:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
194564
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10908
x-xss-protection
0
last-modified
Tue, 13 Apr 2021 06:56:17 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Jan 2025 08:50:38 GMT
appcues.main.2e1a7af3d1edc109498384420a442364dde6b93c.js
fast.appcues.com/generic/main/4.60.65/
449 KB
127 KB
Script
General
Full URL
https://fast.appcues.com/generic/main/4.60.65/appcues.main.2e1a7af3d1edc109498384420a442364dde6b93c.js
Requested by
Host: fast.appcues.com
URL: https://fast.appcues.com/130785.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1b6b1cdf808e68e7bb93db0164b06766ab8a3fe4d6235187119c8a3bc261bd86

Request headers

Referer
https://charles-academy-2.hello-charles.com/
Origin
https://charles-academy-2.hello-charles.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:22 GMT
content-encoding
gzip
via
1.1 varnish
x-amz-request-id
XA68N5Y54ATB3GJX
age
245914
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
129770
x-amz-id-2
stXl+ZCZqHHC86PwYJbeE/0kstEEiY/gCfWuPhKtD0Dcy9nmP3iy4L3QkDXJzbVEsxxnSqroNUA=
x-served-by
cache-lga21961-LGA
last-modified
Tue, 09 Jan 2024 18:26:19 GMT
server
AmazonS3
x-timer
S1705071203.903092,VS0,VE0
etag
"1cbbea9dbdaff2fee58455b233e2307b"
vary
Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Authorization
x-cache-hits
903
container.2e1a7af3d1edc109498384420a442364dde6b93c.css
fast.appcues.com/generic/main/4.60.65/
16 KB
2 KB
Stylesheet
General
Full URL
https://fast.appcues.com/generic/main/4.60.65/container.2e1a7af3d1edc109498384420a442364dde6b93c.css
Requested by
Host: fast.appcues.com
URL: https://fast.appcues.com/generic/main/4.60.65/appcues.main.2e1a7af3d1edc109498384420a442364dde6b93c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c2f5a697cf483b8a50b286ec9481c2767bcc448ad563047894e7e623de8049eb

Request headers

Referer
https://charles-academy-2.hello-charles.com/
Origin
https://charles-academy-2.hello-charles.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:23 GMT
content-encoding
gzip
via
1.1 varnish
x-amz-request-id
5WD5X494WFEZ948Z
age
245914
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
1992
x-amz-id-2
YD7DjgekHIz6nTh6B+0qeeUJDwR6yPhQZOrzRHy07w6QOSuVFB7Nj27xIL0UHKg55u231ctTcZ8=
x-served-by
cache-lga21961-LGA
last-modified
Tue, 09 Jan 2024 18:26:19 GMT
server
AmazonS3
x-timer
S1705071203.117759,VS0,VE0
etag
"5be05ce494e7cac41d062a0b12a1657c"
vary
Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/css; charset=utf-8;
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Authorization
x-cache-hits
13730
heap-3355954813.js
cdn.heapanalytics.com/js/
127 KB
38 KB
Script
General
Full URL
https://cdn.heapanalytics.com/js/heap-3355954813.js
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.159.227.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-159-227-64.ord56.r.cloudfront.net
Software
nginx / Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:52:25 GMT
content-encoding
br
via
1.1 ddf37d12ac6373c1561a67b71dfb8816.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-amz-cf-pop
ORD56-P4
age
59
x-powered-by
Express
etag
W/"1fa7d-2+jd+nexE0wex0A8lAP3iHT4aZY"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=120
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
Twv0uz-928FuEfBQ2ubODfeOcI1uJu6OWtg-Z0mlxUWCVN-l235xbw==
emojis-json.a235a801.js
charles-academy-2.hello-charles.com/js/
0
28 KB
Other
General
Full URL
https://charles-academy-2.hello-charles.com/js/emojis-json.a235a801.js
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/js/app.d8bc5987.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-fa4fc379d7ab27fb81c5232e4b7b09e8' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-fa4fc379d7ab27fb81c5232e4b7b09e8' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:24 GMT
content-security-policy
default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-fa4fc379d7ab27fb81c5232e4b7b09e8' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-fa4fc379d7ab27fb81c5232e4b7b09e8' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 google
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
338c7fb3-6b1a-4615-bf03-fa2e7d86f730
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 09 Jan 2024 17:06:13 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
"34db4-VzUeNqV2o0rH46X7xHqb1vGMw2o"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-download-options
noopen
cache-control
public, max-age=31536000
cf-ray
84463a955ad618f6-EWR
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type
image/webp
me
charles-academy-2.hello-charles.com/api/v0/
144 B
1 KB
XHR
General
Full URL
https://charles-academy-2.hello-charles.com/api/v0/me
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/js/charles.2ef9fd67.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-dd87f7b7a344608a84af7608dfac7897' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-dd87f7b7a344608a84af7608dfac7897' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json; charset=utf-8
Referer
https://charles-academy-2.hello-charles.com/
X-Client-Type
Charles SDK JavaScript
X-Client-Version
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:24 GMT
content-security-policy
default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-dd87f7b7a344608a84af7608dfac7897' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-dd87f7b7a344608a84af7608dfac7897' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
via
1.1 google
x-permitted-cross-domain-policies
none
cf-cache-status
DYNAMIC
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
server-timing
total; dur=4.323112; desc="Total Response Time"
content-length
144
x-xss-protection
0
x-request-id
4c90820a-8370-4a3d-abb7-f402fdf9f913
x-response-time
5.485ms
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"90-GIH5PEbz6fyphe46B1iDWHjRfRg"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Origin
content-type
application/json; charset=utf-8
content-language
en-US
x-download-options
noopen
access-control-expose-headers
Content-Type,Content-Language,Authorization,Accept,Accept-Language,Origin,X-Resource-Count,X-Charles-Cache,X-Requested-With,X-HTTP-Method-Override,Server-Timing
access-control-allow-credentials
true
x-ratelimit-reset
1705071991
x-ratelimit-limit
10000
cf-ray
84463a956ae018f6-EWR
x-ratelimit-remaining
9999
97a20212-a568-4a1c-94db-a7543cc24b78
https://charles-academy-2.hello-charles.com/
4 KB
0
Other
General
Full URL
blob:https://charles-academy-2.hello-charles.com/97a20212-a568-4a1c-94db-a7543cc24b78
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Length
4520
Content-Type
application/javascript
97a20212-a568-4a1c-94db-a7543cc24b78
https://charles-academy-2.hello-charles.com/
4 KB
0
Other
General
Full URL
blob:https://charles-academy-2.hello-charles.com/97a20212-a568-4a1c-94db-a7543cc24b78
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Length
4520
Content-Type
application/javascript
Primary Request auth
charles-academy-2.hello-charles.com/api/
4 KB
2 KB
Document
General
Full URL
https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/js/app.d8bc5987.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0a192409671850eefc4abec36b7736c3492076674f68d3031c0c2598ee0b528
Security Headers
Name Value
Content-Security-Policy default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-10d9be6b09d803bfa2ff135d7789c373' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-10d9be6b09d803bfa2ff135d7789c373' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://charles-academy-2.hello-charles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-expose-headers
Content-Type,Content-Language,Authorization,Accept,Accept-Language,Origin,X-Resource-Count,X-Charles-Cache,X-Requested-With,X-HTTP-Method-Override,Server-Timing
cf-cache-status
DYNAMIC
cf-ray
84463a969c2118f6-EWR
content-encoding
gzip
content-language
en-US
content-security-policy
default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-10d9be6b09d803bfa2ff135d7789c373' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-10d9be6b09d803bfa2ff135d7789c373' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 14:53:25 GMT
expect-ct
max-age=0
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
server-timing
total; dur=37.177921; desc="Total Response Time"
strict-transport-security
max-age=0; includeSubDomains; preload
vary
Origin
via
1.1 google
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-ratelimit-limit
10000
x-ratelimit-remaining
9999
x-ratelimit-reset
1705071992
x-request-id
5148f615-9328-432d-9273-b2fa51c3bc63
x-response-time
40.089ms
x-xss-protection
0
h
heapanalytics.com/
37 B
261 B
Image
General
Full URL
https://heapanalytics.com/h?a=3355954813&u=4265703190544817&v=5246589001819044&s=591196379181392&b=web&tv=4.0&z=0&h=%2F&d=charles-academy-2.hello-charles.com&k=Screen%20Dimensions%20Dashboard%20page&k=1600%20x%201200&k=Screen%20orientation%20Dashboard%20page&k=Horizontal&ts=1705071204913&st=1705071204917
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.209.255.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-209-255-147.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Jan 2024 14:53:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
etag
W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
style.css
charles-academy-2.hello-charles.com/api/public/stylesheets/
3 MB
241 KB
Stylesheet
General
Full URL
https://charles-academy-2.hello-charles.com/api/public/stylesheets/style.css
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dacc7944c13d1fa21eaf26b49314810d5f6be866030f443017914f46d1a69cc5
Security Headers
Name Value
Content-Security-Policy default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-0755b4c3950f54522577b369f048e789' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-0755b4c3950f54522577b369f048e789' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:25 GMT
content-security-policy
default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-0755b4c3950f54522577b369f048e789' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-0755b4c3950f54522577b369f048e789' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
via
1.1 google
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
1d688f62-cade-4ed2-a1f8-968f614608d1
x-response-time
14.149ms
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 09 Jan 2024 17:06:30 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2cb01b-m2lWQlDYRkX4nvJZ2wbaqaMZwK0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=utf-8
x-download-options
noopen
cache-control
max-age=36000, must-revalidate
cf-ray
84463a979cdd18f6-EWR
login.js
charles-academy-2.hello-charles.com/api/oauth/
1 KB
1 KB
Script
General
Full URL
https://charles-academy-2.hello-charles.com/api/oauth/login.js
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
562f25537a9f3ccfceee414e65f529d18677f0817b2c4e0eb529465659c18f5a
Security Headers
Name Value
Content-Security-Policy default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-340a6c2a5039ac29647afb5b21aff8c7' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-340a6c2a5039ac29647afb5b21aff8c7' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:25 GMT
content-security-policy
default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-340a6c2a5039ac29647afb5b21aff8c7' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-340a6c2a5039ac29647afb5b21aff8c7' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
via
1.1 google
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
server-timing
total; dur=2.721012; desc="Total Response Time"
x-xss-protection
0
x-request-id
a842e8a5-b53f-4493-acea-4f6475ccf87f
x-response-time
3.655ms
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"4a9-h34ht4Kai7vJaOPchlvgL8vIIzY"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
content-language
en-US
x-download-options
noopen
access-control-expose-headers
Content-Type,Content-Language,Authorization,Accept,Accept-Language,Origin,X-Resource-Count,X-Charles-Cache,X-Requested-With,X-HTTP-Method-Override,Server-Timing
access-control-allow-credentials
true
x-ratelimit-reset
1705071992
x-ratelimit-limit
10000
cf-ray
84463a979cdf18f6-EWR
x-ratelimit-remaining
9999
logo_text.svg
cdn.hello-charles.com/charles-agent-ui/statics/logo/
3 KB
1 KB
Image
General
Full URL
https://cdn.hello-charles.com/charles-agent-ui/statics/logo/logo_text.svg
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
247c637963da1a490b39fde9308c2f0c3976b1482cc740e0e7b025411b7702eb
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:25 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
gzip
x-guploader-uploadid
ABPtcPonaQirDej2_n001iOsD2_dEq_1JT0OQc1jtl15OVwEuU-rzaQzIgPK4Drx1VaZcu7LH80
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
last-modified
Fri, 12 Mar 2021 10:30:09 GMT
server
cloudflare
etag
W/"e63f010afde448ac2da8c6915b31764f"
vary
Accept-Encoding
x-goog-generation
1615545009109758
content-type
image/svg+xml
access-control-allow-origin
*
x-goog-hash
crc32c=mTvQCQ==, md5=5j8BCv3kSKwtqMaRWzF2Tw==
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
2781
cf-ray
84463a981d4c18f6-EWR
expires
Fri, 12 Jan 2024 15:53:25 GMT
typie-black-outline.png
cdn.hello-charles.com/assets/icons/integrations/charles/charles-identity/
21 KB
21 KB
Image
General
Full URL
https://cdn.hello-charles.com/assets/icons/integrations/charles/charles-identity/typie-black-outline.png
Requested by
Host: charles-academy-2.hello-charles.com
URL: https://charles-academy-2.hello-charles.com/api/auth?redirect_path=%2Fconversations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3051a54e14015e206c5a2550730917a918554e5476bd07a72db59d07eccc2dab
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://charles-academy-2.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:53:25 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-guploader-uploadid
ABPtcPpeKs3djeHbe6AS82t2FfIGggZs5Z4LVBlaLMduN4Tz-mcPEaBqLlkggLMComgh21Fxla0
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
21238
last-modified
Wed, 03 May 2023 12:39:32 GMT
server
cloudflare
etag
"02e3d0a0d4fb49037b77e0d77f383e90"
vary
Accept-Encoding
x-goog-generation
1683117572319877
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=s5efFA==, md5=AuPQoNT7SQN7d+DXfzg+kA==
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
21238
accept-ranges
bytes
cf-ray
84463a980d4b18f6-EWR
expires
Fri, 12 Jan 2024 15:53:25 GMT

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture undefined| authCode undefined| refreshToken undefined| accessToken function| initAuth function| signInCallback function| post

2 Cookies

Domain/Path Name / Value
.hello-charles.com/ Name: _hp2_id.3355954813
Value: %7B%22userId%22%3A%224265703190544817%22%2C%22pageviewId%22%3A%225246589001819044%22%2C%22sessionId%22%3A%22591196379181392%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.hello-charles.com/ Name: _hp2_ses_props.3355954813
Value: %7B%22ts%22%3A1705071204913%2C%22d%22%3A%22charles-academy-2.hello-charles.com%22%2C%22h%22%3A%22%2F%22%7D

1 Console Messages

Source Level URL
Text
network error URL: https://charles-academy-2.hello-charles.com/api/v0/me
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://charles-academy-2.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-a41b908e-5cea-460b-8506-911118d1e822.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-da87c7eb4070ca490a906be879d5d083' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-da87c7eb4070ca490a906be879d5d083' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.heapanalytics.com
cdn.hello-charles.com
charles-academy-2.hello-charles.com
fast.appcues.com
fonts.googleapis.com
heapanalytics.com
www.gstatic.com
108.159.227.64
2606:4700:10::ac43:cd3
2607:f8b0:4004:c07::5e
2607:f8b0:4004:c1b::5f
2a04:4e42::622
44.209.255.147
06292675ba177b5184addb0ddf5f6b32662748d95e4c66b72467e83acf38237f
1b6b1cdf808e68e7bb93db0164b06766ab8a3fe4d6235187119c8a3bc261bd86
247c637963da1a490b39fde9308c2f0c3976b1482cc740e0e7b025411b7702eb
3051a54e14015e206c5a2550730917a918554e5476bd07a72db59d07eccc2dab
51d07edb107b50d9f4cdb8923f32b21bdaf82200c3733c74de1683e0523ad7f5
562f25537a9f3ccfceee414e65f529d18677f0817b2c4e0eb529465659c18f5a
62b547b07a6487388ee070a52ea917706f87ac926689cb80ec664d4f09a989d8
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
b0a192409671850eefc4abec36b7736c3492076674f68d3031c0c2598ee0b528
b363a854a81f6a6a2d9a9b3aeba4d234486610b6f60ac916ce527d858626a789
b3f35dd906c0ea000a00a099de112772b727b992fa4030ea57db9c0b91657c51
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
c2f5a697cf483b8a50b286ec9481c2767bcc448ad563047894e7e623de8049eb
c65d97091b3775acbfbbd978d5b6b73100d3ef2bad63d052a74ce4713fc696bd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2
dacc7944c13d1fa21eaf26b49314810d5f6be866030f443017914f46d1a69cc5
fab06131b52ef5e32baca3e0c703968202a5528a5eefa79ce59779a53a304108