Submitted URL: https://eol.sage.co.uk/api/1.0/cloud-id-employee/login?inviteId=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D
Effective URL: https://id.sage.com/login?state=hKFo2SBRaTZySS1adzYxeWZreExjWlRVQ3hWY3Z5OTc5ZUxtaqFupWxvZ2luo3RpZNkgcjhSdVlVcEN4Mnhn...
Submission: On July 20 via manual from IN — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 104.16.1.19, located in and belongs to CLOUDFLARENET, US. The main domain is id.sage.com. The Cisco Umbrella rank of the primary domain is 135267.
TLS certificate: Issued by GeoTrust RSA CA 2018 on April 12th 2022. Valid for: a year.
This is the only time id.sage.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 104.16.121.26 13335 (CLOUDFLAR...)
1 2 104.16.1.19 13335 (CLOUDFLAR...)
8 2606:4700:440... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
11 5
Apex Domain
Subdomains
Transfer
10 sage.com
id.sage.com — Cisco Umbrella Rank: 135267
signin.sso.sage.com — Cisco Umbrella Rank: 234339
345 KB
1 gstatic.com
fonts.gstatic.com
24 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 72
914 B
1 sage.co.uk
eol.sage.co.uk — Cisco Umbrella Rank: 384099
1 KB
11 4
Domain Requested by
8 signin.sso.sage.com id.sage.com
signin.sso.sage.com
2 id.sage.com 1 redirects
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com signin.sso.sage.com
1 eol.sage.co.uk 1 redirects
11 5

This site contains no links.

Subject Issuer Validity Valid
*.sage.com
GeoTrust RSA CA 2018
2022-04-12 -
2023-04-12
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-06-08 -
2023-06-07
a year crt.sh
upload.video.google.com
GTS CA 1C3
2022-06-27 -
2022-09-19
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-07-04 -
2022-09-26
3 months crt.sh

This page contains 1 frames:

Primary Page: https://id.sage.com/login?state=hKFo2SBRaTZySS1adzYxeWZreExjWlRVQ3hWY3Z5OTc5ZUxtaqFupWxvZ2luo3RpZNkgcjhSdVlVcEN4MnhnT084TWNYZGlOSkc2SjdXYXJ5WVejY2lk2SBwbVJXY3J3VDV5WHpqaFRFUDluNzR1R01wNkVPcnBDdw&client=pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw&protocol=oauth2&nonce=d691838c2d008b5ecaa3dda87b386d2e&invite_id=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D&response_type=code&redirect_uri=https%3A%2F%2Feol.sage.co.uk%2Fapi%2F1.0%2Fcloud-id-employee%2Fcallback&scope=openid%20email
Frame ID: DACC8BC7B6E6AD2813A3DAB8E5DDC802
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Sage ID

Page URL History Show full URLs

  1. https://eol.sage.co.uk/api/1.0/cloud-id-employee/login?inviteId=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D HTTP 302
    https://id.sage.com/authorize?nonce=d691838c2d008b5ecaa3dda87b386d2e&invite_id=BKHvnK%2Fe8joH0CA... HTTP 302
    https://id.sage.com/login?state=hKFo2SBRaTZySS1adzYxeWZreExjWlRVQ3hWY3Z5OTc5ZUxtaqFupWxvZ2luo3Rp... Page URL

Page Statistics

11
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

368 kB
Transfer

1070 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://eol.sage.co.uk/api/1.0/cloud-id-employee/login?inviteId=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D HTTP 302
    https://id.sage.com/authorize?nonce=d691838c2d008b5ecaa3dda87b386d2e&invite_id=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D&response_type=code&redirect_uri=https%3A%2F%2Feol.sage.co.uk%2Fapi%2F1.0%2Fcloud-id-employee%2Fcallback&scope=openid%20email&state=PGoisGxt5DQvBSCbd6dPQARw&client_id=pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw HTTP 302
    https://id.sage.com/login?state=hKFo2SBRaTZySS1adzYxeWZreExjWlRVQ3hWY3Z5OTc5ZUxtaqFupWxvZ2luo3RpZNkgcjhSdVlVcEN4MnhnT084TWNYZGlOSkc2SjdXYXJ5WVejY2lk2SBwbVJXY3J3VDV5WHpqaFRFUDluNzR1R01wNkVPcnBDdw&client=pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw&protocol=oauth2&nonce=d691838c2d008b5ecaa3dda87b386d2e&invite_id=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D&response_type=code&redirect_uri=https%3A%2F%2Feol.sage.co.uk%2Fapi%2F1.0%2Fcloud-id-employee%2Fcallback&scope=openid%20email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
id.sage.com/
Redirect Chain
  • https://eol.sage.co.uk/api/1.0/cloud-id-employee/login?inviteId=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D
  • https://id.sage.com/authorize?nonce=d691838c2d008b5ecaa3dda87b386d2e&invite_id=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D&response_type=code&redirect_uri=https%3A%2F%2Feol.sage.co.uk%2Fapi%2F1.0%2Fcloud-id-emp...
  • https://id.sage.com/login?state=hKFo2SBRaTZySS1adzYxeWZreExjWlRVQ3hWY3Z5OTc5ZUxtaqFupWxvZ2luo3RpZNkgcjhSdVlVcEN4MnhnT084TWNYZGlOSkc2SjdXYXJ5WVejY2lk2SBwbVJXY3J3VDV5WHpqaFRFUDluNzR1R01wNkVPcnBDdw&cl...
5 KB
5 KB
Document
General
Full URL
https://id.sage.com/login?state=hKFo2SBRaTZySS1adzYxeWZreExjWlRVQ3hWY3Z5OTc5ZUxtaqFupWxvZ2luo3RpZNkgcjhSdVlVcEN4MnhnT084TWNYZGlOSkc2SjdXYXJ5WVejY2lk2SBwbVJXY3J3VDV5WHpqaFRFUDluNzR1R01wNkVPcnBDdw&client=pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw&protocol=oauth2&nonce=d691838c2d008b5ecaa3dda87b386d2e&invite_id=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D&response_type=code&redirect_uri=https%3A%2F%2Feol.sage.co.uk%2Fapi%2F1.0%2Fcloud-id-employee%2Fcallback&scope=openid%20email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.1.19 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d230bb52d1f190384c3645ed6411b258b4192b0951eb3bb527fc51a0cdbd67fe
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, max-age=0, no-transform, no-cache
cf-cache-status
DYNAMIC
cf-ray
72dde755ba1968fe-FRA
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=utf-8
date
Wed, 20 Jul 2022 18:54:08 GMT
etag
W/"13ad-H6SL33pgWS6V0LNNqJzD6FFYuc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ot-baggage-auth0-request-id
72dde755f20268fe
ot-tracer-sampled
true
ot-tracer-spanid
46ae08fc65ef8027
ot-tracer-traceid
09a154eb318d6918
pragma
no-cache
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=31536000
traceparent
00-46ae08fc65ef8027-000000000000000009a154eb318d6918-01
tracestate
auth0-request-id=72dde755f20268fe
vary
Accept-Encoding
x-auth0-requestid
19a67b69f11309fe97b4
x-content-type-options
nosniff
x-frame-options
deny
x-ratelimit-limit
1000
x-ratelimit-remaining
999
x-ratelimit-reset
1658343249
x-robots-tag
noindex, nofollow
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-store, max-age=0, no-transform, no-cache
cf-cache-status
DYNAMIC
cf-ray
72dde7531e9568fe-FRA
content-length
972
content-type
text/html; charset=utf-8
date
Wed, 20 Jul 2022 18:54:08 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
/login?state=hKFo2SBRaTZySS1adzYxeWZreExjWlRVQ3hWY3Z5OTc5ZUxtaqFupWxvZ2luo3RpZNkgcjhSdVlVcEN4MnhnT084TWNYZGlOSkc2SjdXYXJ5WVejY2lk2SBwbVJXY3J3VDV5WHpqaFRFUDluNzR1R01wNkVPcnBDdw&client=pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw&protocol=oauth2&nonce=d691838c2d008b5ecaa3dda87b386d2e&invite_id=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D&response_type=code&redirect_uri=https%3A%2F%2Feol.sage.co.uk%2Fapi%2F1.0%2Fcloud-id-employee%2Fcallback&scope=openid%20email
ot-baggage-auth0-request-id
72dde754b15a68fe
ot-tracer-sampled
true
ot-tracer-spanid
635fbbf011a803f0
ot-tracer-traceid
1e70541e7a755844
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=31536000
traceparent
00-635fbbf011a803f0-00000000000000001e70541e7a755844-01
tracestate
auth0-request-id=72dde754b15a68fe
vary
Accept, Accept-Encoding
x-auth0-requestid
592198a18a212043596d
x-content-type-options
nosniff
x-ratelimit-limit
1000
x-ratelimit-remaining
999
x-ratelimit-reset
1658343249
loginEntryPoint.fpsxdo-529854.js
signin.sso.sage.com/buildV2/static/js/
5 KB
3 KB
Script
General
Full URL
https://signin.sso.sage.com/buildV2/static/js/loginEntryPoint.fpsxdo-529854.js
Requested by
Host: id.sage.com
URL: https://id.sage.com/login?state=hKFo2SBRaTZySS1adzYxeWZreExjWlRVQ3hWY3Z5OTc5ZUxtaqFupWxvZ2luo3RpZNkgcjhSdVlVcEN4MnhnT084TWNYZGlOSkc2SjdXYXJ5WVejY2lk2SBwbVJXY3J3VDV5WHpqaFRFUDluNzR1R01wNkVPcnBDdw&client=pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw&protocol=oauth2&nonce=d691838c2d008b5ecaa3dda87b386d2e&invite_id=BKHvnK%2Fe8joH0CA7WJEW6A%3D%3D&response_type=code&redirect_uri=https%3A%2F%2Feol.sage.co.uk%2Fapi%2F1.0%2Fcloud-id-employee%2Fcallback&scope=openid%20email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b585f5f062136c2a2511cabcc88c2f317738e18f3fa15f2cbed53ea1f55e4118
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 18:54:08 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
5959
x-xss-protection
1
last-modified
Wed, 25 May 2022 15:20:56 GMT
server
cloudflare
x-frame-options
DENY
etag
"1d8704b079caf6f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000
content-type
application/javascript
cache-control
no-cache, no-store
x-correlation-id
992921c8-6ac1-4f76-8ebe-efddc846dd61
content-security-policy
default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
cf-ray
72dde75729255b3e-FRA
pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw
signin.sso.sage.com/idp-discovery/client-strategy/
43 B
897 B
XHR
General
Full URL
https://signin.sso.sage.com/idp-discovery/client-strategy/pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw
Requested by
Host: signin.sso.sage.com
URL: https://signin.sso.sage.com/buildV2/static/js/loginEntryPoint.fpsxdo-529854.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b85f73e2494be4cb135b764ebf7da0d774d8a2c77cefa5efd37fbb6a88adcd06
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 18:54:08 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000
x-xss-protection
1
pragma
no-cache
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://id.sage.com
access-control-expose-headers
RateLimitToken,RateLimitChallengeRequired
cache-control
no-store,no-cache
x-correlation-id
0e71bfe6-f509-43a9-a4bd-0b9b29c355aa
content-security-policy
default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
cf-ray
72dde757ddf29bd1-FRA
main-v1.fpsxdo-529854.css
signin.sso.sage.com/buildV1/static/css/
168 KB
34 KB
Stylesheet
General
Full URL
https://signin.sso.sage.com/buildV1/static/css/main-v1.fpsxdo-529854.css
Requested by
Host: signin.sso.sage.com
URL: https://signin.sso.sage.com/buildV2/static/js/loginEntryPoint.fpsxdo-529854.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee2c52d39fdde2feb15045148c8b52bd1ae0b07e122c473a3783c5b2d2ff9529
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 18:54:08 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
1926
x-xss-protection
1
last-modified
Wed, 25 May 2022 15:20:56 GMT
server
cloudflare
x-frame-options
DENY
etag
"1d8704b079e1dd2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
no-cache, no-store
x-correlation-id
537e0490-30f5-4381-bb4e-2fc01c4013ea
content-security-policy
default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
cf-ray
72dde758ead25b3e-FRA
bundle-v1.fpsxdo-529854.js
signin.sso.sage.com/buildV1/static/js/
859 KB
299 KB
Script
General
Full URL
https://signin.sso.sage.com/buildV1/static/js/bundle-v1.fpsxdo-529854.js
Requested by
Host: signin.sso.sage.com
URL: https://signin.sso.sage.com/buildV2/static/js/loginEntryPoint.fpsxdo-529854.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d37a3447f17505b2bfe167daa52c85a9a6748471c49f6d69736880de7f56eea2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 18:54:08 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
1926
x-xss-protection
1
last-modified
Wed, 25 May 2022 15:20:56 GMT
server
cloudflare
x-frame-options
DENY
etag
"1d8704b0791d041"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000
content-type
application/javascript
cache-control
no-cache, no-store
x-correlation-id
3d6191df-46db-4657-9bfb-40f4fa276f46
content-security-policy
default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
cf-ray
72dde758ead45b3e-FRA
css
fonts.googleapis.com/
2 KB
914 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700,900
Requested by
Host: signin.sso.sage.com
URL: https://signin.sso.sage.com/buildV1/static/css/main-v1.fpsxdo-529854.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f886fd1b5af3a3e24b1ecf7c9f46da418c49b5d3a5f4903dee72ef4fcdae5e8b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 20 Jul 2022 18:06:08 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Jul 2022 18:54:08 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 20 Jul 2022 18:54:08 GMT
pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw
signin.sso.sage.com/idp-discovery/client-connections/
130 B
436 B
Fetch
General
Full URL
https://signin.sso.sage.com/idp-discovery/client-connections/pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw
Requested by
Host: signin.sso.sage.com
URL: https://signin.sso.sage.com/buildV1/static/js/bundle-v1.fpsxdo-529854.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d95792200108bcc7054a8ee1837c7dbf89d8d67c998388b2facf275216eeba2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 18:54:09 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000
x-xss-protection
1
pragma
no-cache
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://id.sage.com
access-control-expose-headers
RateLimitToken,RateLimitChallengeRequired
cache-control
no-store,no-cache
x-correlation-id
61e2675c-6eba-436d-aac4-d326cd83333f
content-security-policy
default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
cf-ray
72dde759ea379bd1-FRA
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/
23 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://id.sage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 17:08:09 GMT
x-content-type-options
nosniff
age
92760
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23580
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:48:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Jul 2023 17:08:09 GMT
pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw
signin.sso.sage.com/context-data/client/
88 B
397 B
Fetch
General
Full URL
https://signin.sso.sage.com/context-data/client/pmRWcrwT5yXzjhTEP9n74uGMp6EOrpCw
Requested by
Host: signin.sso.sage.com
URL: https://signin.sso.sage.com/buildV1/static/js/bundle-v1.fpsxdo-529854.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b9a848829f3190d39af9d97f13cc830e1fdbf352509c34e0a5dae521aace10e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 18:54:09 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000
x-xss-protection
1
pragma
no-cache
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://id.sage.com
access-control-expose-headers
RateLimitToken,RateLimitChallengeRequired
cache-control
no-store,no-cache
x-correlation-id
ebaba1be-fd5e-49f6-94a7-aef93fcc9988
content-security-policy
default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
cf-ray
72dde75adbfa9bd1-FRA
validate
signin.sso.sage.com/invite/
0
0
Preflight
General
Full URL
https://signin.sso.sage.com/invite/validate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://id.sage.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,CorrelationID,AuthenticatedClient,ClientRateLimitToken,RateLimitToken,RateLimitCaptchaResponse,X-Requested-With
access-control-allow-methods
POST
access-control-allow-origin
https://id.sage.com
cf-cache-status
DYNAMIC
cf-ray
72dde75b5cd49bd1-FRA
content-security-policy
default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
date
Wed, 20 Jul 2022 18:54:09 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
strict-transport-security
max-age=31536000
vary
Origin, Accept-Encoding
x-correlation-id
4181ad7f-5b8a-4ced-a8d6-4febb78095d1
x-frame-options
DENY
x-xss-protection
1
validate
signin.sso.sage.com/invite/
24 B
355 B
Fetch
General
Full URL
https://signin.sso.sage.com/invite/validate
Requested by
Host: signin.sso.sage.com
URL: https://signin.sso.sage.com/buildV1/static/js/bundle-v1.fpsxdo-529854.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
860da5632eab0e1928ae9dc33d6abc02e07176c70ae02cdb366cc09ec933bdab
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
content-type
application/json

Response headers

date
Wed, 20 Jul 2022 18:54:09 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000
x-xss-protection
1
pragma
no-cache
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Origin
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://id.sage.com
access-control-expose-headers
RateLimitToken,RateLimitChallengeRequired
cache-control
no-store,no-cache
x-correlation-id
ae56b014-71e6-4ae0-92f7-c04bcd0cf5c2
content-security-policy
default-src 'self' https://www.google.com/recaptcha/;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self';img-src 'self' data:;font-src 'self';connect-src 'self';frame-src 'self' https://www.google.com/recaptcha/;
cf-ray
72dde75c6ee99bd1-FRA
truncated
/
7 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
957ba1a25f4759118f4eb4a2e2549726996038bbcd822bca6d1a41c113fe0c9f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| idpDiscoveryBase string| encodedAuth0Config string| domain string| buildHash string| brand object| __core-js_shared__ object| core function| setImmediate function| clearImmediate function| _

11 Cookies

Domain/Path Name / Value
id.sage.com/usernamepassword/login Name: _csrf
Value: dYIDaXghfpIb7OCGpOgiW5u9
eol.sage.co.uk/ Name: lang
Value: de-DE
eol.sage.co.uk/ Name: bc1136b1-2a56-410d-b5d0-7856cf3e7b9c
Value: s%3AuJ0emv2rrO9u47nzNzQzUNchv9uwNGym.TJhr%2Fg0S5J32PP%2BNS09%2FUKusfQxYdcKj0qYQ2dCZMxc
.sage.co.uk/ Name: __cf_bm
Value: TfSW09BfqdeqXlrK8Y4KnSPMx3LvZarfPVGGOxDOBno-1658343247-0-AVVstseeZoefT8d6luxTlnocVVou31x8OuXimROuVHt/gNVWzAnudaRjd9KiwcjZDf1dXf7vSeAS0DXmIBhrkbw=
id.sage.com/ Name: did
Value: s%3Av0%3A55c09aa0-085d-11ed-910f-57002ee1f741.xEiyfBd73%2B8C7jbCeODuD9Jj8vPnzigMzQEch35R5zA
id.sage.com/ Name: auth0
Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQB8bPUZqxUgg_4yyxh8QfFpxRsvg8dIzTVTQ5Omoet91pclSE0zRFtONZhSfOaxTZGPgw3cshXfcG-CWOTBFUPamY29va2llg6dleHBpcmVz1_85dXkAYtxD0K5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.kqieUTt0Zic3%2BF%2Fd1EcarkqnmDmqk%2F%2BhJSVXcuVa21s
id.sage.com/ Name: did_compat
Value: s%3Av0%3A55c09aa0-085d-11ed-910f-57002ee1f741.xEiyfBd73%2B8C7jbCeODuD9Jj8vPnzigMzQEch35R5zA
id.sage.com/ Name: auth0_compat
Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQB8bPUZqxUgg_4yyxh8QfFpxRsvg8dIzTVTQ5Omoet91pclSE0zRFtONZhSfOaxTZGPgw3cshXfcG-CWOTBFUPamY29va2llg6dleHBpcmVz1_85dXkAYtxD0K5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.kqieUTt0Zic3%2BF%2Fd1EcarkqnmDmqk%2F%2BhJSVXcuVa21s
.sage.com/ Name: __cf_bm
Value: 1jH_Q4FeUfk8B9LdsgNL2xQ8LTJNT62yPOF0JinDcf8-1658343248-0-AS7erJHmgjy9UQcsaYjiBax8eh0ml6BIVxvX6MxuiQBImAEn3Poaw0z+ySsI9NoUfpHXiYN+50yQtCZQNChiFnI=
.sage.com/ Name: __cfruid
Value: bb5853870c5a01f6e6293b63f04263f67083f457-1658343248
.sso.sage.com/ Name: __cf_bm
Value: vIxBbGmXEFngEWjS5_G0DoH9dK3f7BY_P6j732cdyA8-1658343248-0-AbqbOx0JnMFhShNCTfixjJRlAOAa72otZJWDlTbdtHRVxatI9vYRYeeMjWGPFuyDCfowAgJvgOmbCWF5oZ1MYvU=

1 Console Messages

Source Level URL
Text
network error URL: https://signin.sso.sage.com/invite/validate
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block