urlscan.io logo urlscan.io
SecurityTrails logo

www.dekra.com Open in urlscan Pro
40.68.63.129  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.dekra-claims-services.com/
Effective URL: https://www.dekra.com/en/claims-and-expertise/
Submission: On April 12 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 19 HTTP transactions. The main IP is 40.68.63.129, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.dekra.com.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on September 30th 2021. Valid for: a year.
This is the only time www.dekra.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 91.205.36.73 50824 (DEKRA-AG)
9 40.68.63.129 8075 (MICROSOFT...)
6 20.113.32.175 8075 (MICROSOFT...)
1 151.101.128.217 54113 (FASTLY)
2 62.50.120.125 12374 (LFNET-AS01)
19 5
1    91.205.36.73 (Stuttgart, Germany)

ASN50824 (DEKRA-AG, DE)
www.dekra-claims-services.com
9    40.68.63.129 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.dekra.com
6    20.113.32.175 (Frankfurt am Main, Germany)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
media.dekra.com
1    151.101.128.217 (United States)

ASN54113 (FASTLY, US)
player.vimeo.com
2    62.50.120.125 (Germany)

ASN12374 (LFNET-AS01, DE)
PTR: revproxy01.dekra.bawue.com
matomo.dekra.bawue.com
Apex Domain
Subdomains		 Transfer
15 dekra.com
www.dekra.com
media.dekra.com
983 KB
2 bawue.com
matomo.dekra.bawue.com
63 KB
1 vimeo.com
player.vimeo.com — Cisco Umbrella Rank: 1755
7 KB
1 dekra-claims-services.com
www.dekra-claims-services.com
470 B
19 4
Domain Requested by
9 www.dekra.com www.dekra.com
6 media.dekra.com www.dekra.com
2 matomo.dekra.bawue.com www.dekra.com
matomo.dekra.bawue.com
1 player.vimeo.com www.dekra.com
1 www.dekra-claims-services.com 1 redirects
19 5

This site contains links to these domains. Also see Links.

Domain
www.dekra-lossadjusterssurveyors.com
www.xing.com
www.linkedin.com
www.youtube.com
Subject Issuer Validity Valid
www.dekra.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-09-30 -
2022-09-30		 a year crt.sh
media.dekra.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-09-30 -
2022-09-30		 a year crt.sh
*.vimeo.com
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-03-07 -
2023-04-08		 a year crt.sh
matomo.dekra.bawue.com
R3		 2022-02-11 -
2022-05-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.dekra.com/en/claims-and-expertise/
Frame ID: DC690C121F97DB16681740853F4F3EB6
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Claims & Expertise – Professional expert appraisals | DEKRA

Page URL History Show full URLs

  1. https://www.dekra-claims-services.com/ HTTP 301
    https://www.dekra.com/en/claims-and-expertise/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • require.*\.js
Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

95 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

1052 kB
Transfer

2229 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.dekra-claims-services.com/ HTTP 301
    https://www.dekra.com/en/claims-and-expertise/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.dekra.com/en/claims-and-expertise/
Redirect Chain
  • https://www.dekra-claims-services.com/
  • https://www.dekra.com/en/claims-and-expertise/
101 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dekra.com/en/claims-and-expertise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.63.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
93d6f3c166be0b50262da2b1ebaaa77a712fcc4e2c423d9ae92b4aa5fa11ee44
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=600, private, must-revalidate
content-encoding
gzip
content-length
26526
content-security-policy
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
content-type
text/html;charset=UTF-8
date
Tue, 12 Apr 2022 13:17:14 GMT
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Referer,Accept-Encoding,User-Agent,Accept-Encoding
x-content-type-options
nosniff
x-frame-options
sameorigin
x-xss-protection
1; mode=block

Redirect headers

Connection
close
Content-Length
0
Content-Security-Policy
default-src 'self'; img-src *
Content-Type
text/plain
Date
Tue, 12 Apr 2022 13:17:13 GMT
Location
https://www.dekra.com/en/claims-and-expertise/
Server
Apache
Strict-Transport-Security
max-age=0
X-Content-Security-Policy
default-src 'self'; allow 'self'; img-src *
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
fa-light-2.woff2
www.dekra.com/media/system-files/fonts/ 		180 KB
180 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.dekra.com/media/system-files/fonts/fa-light-2.woff2
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/en/claims-and-expertise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.63.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1ddc6ae069ea7aedb68a92d53a12933a5a326f28c714869b99f335377dcce217
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.dekra.com/en/claims-and-expertise/
Origin
https://www.dekra.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 11:45:09 GMT
date
Tue, 12 Apr 2022 13:17:14 GMT
x-frame-options
sameorigin
content-type
font/woff2
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
vary
Access-Control-Request-Headers
content-length
184204
x-content-type-options
nosniff
style.css
www.dekra.com/media/system-files/css/ 		743 KB
134 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dekra.com/media/system-files/css/style.css?497401
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/en/claims-and-expertise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.63.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a72c83776e0eefdb8aa254b09076c0cbede9f5b4a1c33dfd6c031ab5a73443d8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/en/claims-and-expertise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 11:45:10 GMT
x-frame-options
sameorigin
date
Tue, 12 Apr 2022 13:17:14 GMT
vary
Access-Control-Request-Headers,Accept-Encoding
content-type
text/css
cache-control
max-age=604800, public
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
x-xss-protection
1; mode=block
logo-small.jpg
media.dekra.com/media/en-us/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.dekra.com/media/en-us/logo-small.jpg
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/en/claims-and-expertise/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.113.32.175 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
75568598bda2003507d62e15b7578a65c6864bf3967c31b0a6762bbbe919464a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 12 Apr 2022 19:22:32 KRAT
Date
Tue, 12 Apr 2022 13:17:14 GMT
X-Frame-Options
sameorigin
Content-Type
image/jpeg
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
22097
X-Content-Type-Options
nosniff
logo-ohne-claim-small.jpg
media.dekra.com/media/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.dekra.com/media/logo-ohne-claim-small.jpg
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/en/claims-and-expertise/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.113.32.175 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
77c77ce31813849eff547cd8ccc64e2ab34b95be357826bb8f924299b4cecd02
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 12 Apr 2022 19:20:14 KRAT
Date
Tue, 12 Apr 2022 13:17:14 GMT
X-Frame-Options
sameorigin
Content-Type
image/jpeg
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
18387
X-Content-Type-Options
nosniff
1x1.png
www.dekra.com/media/system-files/img/ 		70 B
140 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dekra.com/media/system-files/img/1x1.png
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/en/claims-and-expertise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.63.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44d5041f007d30a9b7079bd3a42ef6da96c4cda10a25b1bcc5a0a6f92b0aadcc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/en/claims-and-expertise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 11:45:09 GMT
date
Tue, 12 Apr 2022 13:17:14 GMT
x-frame-options
sameorigin
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
vary
Access-Control-Request-Headers
content-length
70
x-content-type-options
nosniff
jquery-3-5-0-min.js
www.dekra.com/media/system-files/js/ 		87 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dekra.com/media/system-files/js/jquery-3-5-0-min.js
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/en/claims-and-expertise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.63.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/en/claims-and-expertise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 11:45:09 GMT
x-frame-options
sameorigin
date
Tue, 12 Apr 2022 13:17:14 GMT
vary
Access-Control-Request-Headers,Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
39727
x-xss-protection
1; mode=block
modernizr-custom5557ac.js
www.dekra.com/media/system-files/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dekra.com/media/system-files/js/modernizr-custom5557ac.js
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/en/claims-and-expertise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.63.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9f02c3634b59fbbb77b28f4af3055a8b9982b923fb82c055cc7e8a807e45e6a9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/en/claims-and-expertise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 11:45:09 GMT
x-frame-options
sameorigin
date
Tue, 12 Apr 2022 13:17:14 GMT
vary
Access-Control-Request-Headers,Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
2481
x-xss-protection
1; mode=block
require-2120min.js
www.dekra.com/media/system-files/js/ 		15 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dekra.com/media/system-files/js/require-2120min.js
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/en/claims-and-expertise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.63.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a1bd9fcc0c344e088f4c4d340fb4ab6e8a1154a1c5fd83ac5f4de8fd70e8c9b4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/en/claims-and-expertise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 11:45:09 GMT
x-frame-options
sameorigin
date
Tue, 12 Apr 2022 13:17:14 GMT
vary
Access-Control-Request-Headers,Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
7756
x-xss-protection
1; mode=block
sprite.png
www.dekra.com/media/system-files/img/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dekra.com/media/system-files/img/sprite.png
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/media/system-files/css/style.css?497401
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.63.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
38a382c30430fa17093ebbeef5cd8cb3acda2914d0373a8ff6f129e99507ee44
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/media/system-files/css/style.css?497401
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 11:45:09 GMT
date
Tue, 12 Apr 2022 13:17:14 GMT
x-frame-options
sameorigin
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000, public
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
vary
Access-Control-Request-Headers
content-length
5078
x-content-type-options
nosniff
script-nod3-min.js
www.dekra.com/media/system-files/js/ 		653 KB
225 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dekra.com/media/system-files/js/script-nod3-min.js?497401
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/media/system-files/js/require-2120min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.63.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ef484362562c9a28e1454c48bdf3cd313d89027fd40fa1c9610a48d63d6ad786
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/en/claims-and-expertise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 11:45:09 GMT
x-frame-options
sameorigin
date
Tue, 12 Apr 2022 13:17:14 GMT
vary
Access-Control-Request-Headers,Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
x-xss-protection
1; mode=block
1x1.png
www.dekra.com/media/system-files/img/ 		0
0
claims-handling-dekra_340x255.jpg
media.dekra.com/media/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.dekra.com/media/claims-handling-dekra_340x255.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.113.32.175 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3c0144719b9c45442da3ac3810b481b22b5b193c5ec935f3c3673167fa8dc5b8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 12 Apr 2022 19:20:27 KRAT
Date
Tue, 12 Apr 2022 13:17:14 GMT
X-Frame-Options
sameorigin
Content-Type
image/jpeg
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
31479
X-Content-Type-Options
nosniff
loss-adjusting-dekra_340x255.png
media.dekra.com/media/ 		117 KB
117 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.dekra.com/media/loss-adjusting-dekra_340x255.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.113.32.175 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
be34a4965ff556e9fb9c8893078a6535c8a421d2738a2896d960a7f36068c015
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 12 Apr 2022 19:23:22 KRAT
Date
Tue, 12 Apr 2022 13:17:14 GMT
X-Frame-Options
sameorigin
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
119510
X-Content-Type-Options
nosniff
player.js
player.vimeo.com/api/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/media/system-files/js/require-2120min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c973bdd65f848dff89ec0cbee8716a2449fe526c0b630d5a0e23ab350d8db2ed
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

X-Varnish-Cache
1
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
575
X-Cache
HIT
P3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
Connection
keep-alive
X-VServer
infra-playproxy-b-3
Content-Length
5969
X-Xss-Protection
1; mode=block
X-Served-By
cache-hhn4071-HHN
X-Player-Backend
p
Expires
Tue, 12 Apr 2022 13:26:09 GMT
Server
nginx
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Timer
S1649769434.438369,VS0,VE0
Date
Tue, 12 Apr 2022 13:17:14 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript;charset=utf-8
Via
1.1 varnish, 1.1 varnish
Vary
Accept-Encoding
X-Vimeo-DC
ge
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
X-Cache-Hits
1416
matomo.js
matomo.dekra.bawue.com/ 		63 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://matomo.dekra.bawue.com/matomo.js
Requested by
Host: www.dekra.com
URL: https://www.dekra.com/en/claims-and-expertise/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
62.50.120.125 , Germany, ASN12374 (LFNET-AS01, DE),
Reverse DNS
revproxy01.dekra.bawue.com
Software
openresty /
Resource Hash
3e0361122fe1fdced0bd7ae4c33f21d083f7b63a99e79a66b3111a943b160f70

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 13:13:19 GMT
x-server-revproxy
s='https' t='http://vserv38.di.dekra.com' f='138.199.38.132' sp='HTTP/2.0' sport='443' host='matomo.dekra.bawue.com'
last-modified
Fri, 11 Mar 2022 07:37:22 GMT
server
openresty
etag
"622afc32-fa13"
content-type
application/javascript
accept-ranges
bytes
content-length
64019
matomo.php
matomo.dekra.bawue.com/ 		0
229 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://matomo.dekra.bawue.com/matomo.php?action_name=Claims%20%26%20Expertise%20%E2%80%93%20Professional%20expert%20appraisals%20%7C%20DEKRA&idsite=4&rec=1&r=635843&h=13&m=17&s=14&url=https%3A%2F%2Fwww.dekra.com%2Fen%2Fclaims-and-expertise%2F&_id=c958d8c06bf5c59b&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=HOAfKQ&pf_net=47&pf_srv=47&pf_tfr=2&pf_dm1=229&pf_dm2=135&pf_onl=0
Requested by
Host: matomo.dekra.bawue.com
URL: https://matomo.dekra.bawue.com/matomo.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
62.50.120.125 , Germany, ASN12374 (LFNET-AS01, DE),
Reverse DNS
revproxy01.dekra.bawue.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.dekra.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin
https://www.dekra.com
date
Tue, 12 Apr 2022 13:13:19 GMT
x-server-revproxy
s='https' t='http://vserv38.di.dekra.com' f='138.199.38.132' sp='HTTP/2.0' sport='443' host='matomo.dekra.bawue.com'
access-control-allow-credentials
true
server
openresty
vary
Origin
vehicle-management-services-dekra_340x255.png
media.dekra.com/media/ 		125 KB
125 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.dekra.com/media/vehicle-management-services-dekra_340x255.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.113.32.175 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6232424baaa3b70be55e29cf0449f63b4a61236d9fe89830b0d1242a539c899a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 12 Apr 2022 19:21:57 KRAT
Date
Tue, 12 Apr 2022 13:17:14 GMT
X-Frame-Options
sameorigin
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
127716
X-Content-Type-Options
nosniff
vehicle-appraisal-services-dekra_340x255.jpg
media.dekra.com/media/ 		47 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.dekra.com/media/vehicle-appraisal-services-dekra_340x255.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.113.32.175 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
db16fb5fa3a2e75f891d13696d0e044e68f2b8b2159fb719acad7b7396bb5744
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.dekra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 12 Apr 2022 19:21:54 KRAT
Date
Tue, 12 Apr 2022 13:17:14 GMT
X-Frame-Options
sameorigin
Content-Type
image/jpeg
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000, public
Accept-Ranges
bytes
Vary
Access-Control-Request-Headers
Content-Length
48420
X-Content-Type-Options
nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.dekra.com
URL
https://www.dekra.com/media/system-files/img/1x1.png

Verdicts & Comments Add Verdict or Comment

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| TRACKING string| PRIVACY_SETTINGS boolean| thirdPartyEnabled undefined| privacySettings object| onloadQueue object| lang object| datepickerInt object| chartData object| cmsTrigger object| FontAwesomeConfig function| $ function| jQuery object| Modernizr function| require function| requirejs function| define object| EasyAutocomplete undefined| _ boolean| tapHandling boolean| tappy object| OpenShare object| lazySizes object| picturefillCFG function| picturefill undefined| Backbone function| getPrivacySettings function| getPrivacySettingsSession function| addParameter function| matomoOptout function| getUserLocation function| hasUserLocation function| saveUserLocation function| search function| removeLocationIdParameterFromLocalStorage function| getLocationIdParameterFromLocalStorage function| storeLocationIdParameterIntoLocalStorage function| removeLocationIdParameterFromUrl function| getLocationIdFromUrlParameter function| getUrlParameterValue boolean| VimeoPlayerResizeEmbeds_ object| app object| _paq string| LOCATION_ID object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log

4 Cookies

Domain/Path Name / Value
www.dekra.com/ Name: JSESSIONID
Value: 9DC0EA92EEA0C7D70D44408399AB5782
media.dekra.com/ Name: JSESSIONID
Value: D2825439639017ACB306482C776568E9
www.dekra.com/ Name: _pk_id.4.09a2
Value: c958d8c06bf5c59b.1649769435.
www.dekra.com/ Name: _pk_ses.4.09a2
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

matomo.dekra.bawue.com
media.dekra.com
player.vimeo.com
www.dekra-claims-services.com
www.dekra.com
www.dekra.com
151.101.128.217
20.113.32.175
40.68.63.129
62.50.120.125
91.205.36.73
1ddc6ae069ea7aedb68a92d53a12933a5a326f28c714869b99f335377dcce217
38a382c30430fa17093ebbeef5cd8cb3acda2914d0373a8ff6f129e99507ee44
3c0144719b9c45442da3ac3810b481b22b5b193c5ec935f3c3673167fa8dc5b8
3e0361122fe1fdced0bd7ae4c33f21d083f7b63a99e79a66b3111a943b160f70
44d5041f007d30a9b7079bd3a42ef6da96c4cda10a25b1bcc5a0a6f92b0aadcc
6232424baaa3b70be55e29cf0449f63b4a61236d9fe89830b0d1242a539c899a
75568598bda2003507d62e15b7578a65c6864bf3967c31b0a6762bbbe919464a
77c77ce31813849eff547cd8ccc64e2ab34b95be357826bb8f924299b4cecd02
93d6f3c166be0b50262da2b1ebaaa77a712fcc4e2c423d9ae92b4aa5fa11ee44
9f02c3634b59fbbb77b28f4af3055a8b9982b923fb82c055cc7e8a807e45e6a9
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc
a1bd9fcc0c344e088f4c4d340fb4ab6e8a1154a1c5fd83ac5f4de8fd70e8c9b4
a72c83776e0eefdb8aa254b09076c0cbede9f5b4a1c33dfd6c031ab5a73443d8
be34a4965ff556e9fb9c8893078a6535c8a421d2738a2896d960a7f36068c015
c973bdd65f848dff89ec0cbee8716a2449fe526c0b630d5a0e23ab350d8db2ed
db16fb5fa3a2e75f891d13696d0e044e68f2b8b2159fb719acad7b7396bb5744
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef484362562c9a28e1454c48bdf3cd313d89027fd40fa1c9610a48d63d6ad786