Dropbox - URL Scan Results

Summary

A Concise Overview of the scan result of url https://www.dropbox.com/scl/fi/0fapir5gdzoftbx7a2ma9/Untitled.paper?rlkey=gqb1lxj60prs0vhlb13cohh30&st=mxeyztab&dl=0

Document
HTML
2
StyleSheets
0
Scripts
0
Font
0
Images
1
Links
0
JavaScript Variables
18
Console log messages
0
Network
Requests
25
Bytes Transferred
52.74KB
Bytes Total
183.23KB

DNS Record
CNAME Record
2
A Record
1
AAAA Record
1
Technology
UI frameworks
1
Reverse proxies
1
Payment processors
1
Security
1
Miscellaneous
1

Links

The outgoing links identified from the page.

Link	Text

JavaScript Variables

Global JavaScript variables are variables that are defined outside of any function or block scope in JavaScript.

eventundefinedonbeforetoggleobjectsharedStorageobjectdocumentPictureInPictureobjectfetchLaterfunctiononpageswapobjectonpagerevealobjectfenceobjectonscrollendobjectEDISON_METRICS_JS_EXECUTION_STARTnumberCSP_SCRIPT_NONCEstringaddEdisonLoadCallbackfunctionaddStormcrowLoadCallbackfunctionedisonLoadCallbacksobjectstormcrowLoadCallbacksobject__SERVED_BY_EDISON_WEB_SERVER__booleanPAGE_INIT_DATAobject__VFL_MAP__object

Technology

The technologies identified are present on the scanned URL.

Name	Description	Detected patterns
Security
HSTS https://www.rfc-editor.org/rfc/rfc6797#section-6.1	HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.	Type: headers Name: strict-transport-security Regex: (?:)
Miscellaneous
HTTP/3 https://httpwg.org/	HTTP/3 is the third major version of the Hypertext Transfer Protocol used to exchange information on the World Wide Web.	Type: headers Name: alt-svc Regex: h3
Payment processors
PayPal https://paypal.com	PayPal is an online payments system that supports online money transfers and serves as an electronic alternative to traditional paper methods like checks and money orders.	Type: headers Name: content-security-policy Regex: \.paypal\.com
Reverse proxies
Envoy https://www.envoyproxy.io/	Envoy is an open-source edge and service proxy, designed for cloud-native applications.	Type: headers Name: server Regex: ^envoy$
UI frameworks
ZURB Foundation https://foundation.zurb.com	Zurb Foundation is used to prototype in the browser. Allows rapid creation of websites or applications while leveraging mobile and responsive technology. The front end framework is the collection of HTML, CSS, and Javascript containing design patterns.	Type: html Regex: <link[^>]{1,250}foundation[^>"]{1,250}css

DNS Record

A DNS record maps a domain name to an IP address or other resource information.

Type	Name	Content	DNSSEC
CNAME	www.dropbox.com	www-env.dropbox-dns.com.	no
A	www-env.dropbox-dns.com	162.125.8.18	no
CNAME	www.dropbox.com	www-env.dropbox-dns.com.	no
AAAA	www-env.dropbox-dns.com	2620:100:601b:18::a27d:812	no

SSL Certificate

An SSL certificate is a digital certificate that verifies the authenticity and encrypts the communication between a website and its visitors.

Subject	Issue date	Expiry date	Valid
www.dropbox.com	6/24/2026	6/25/2027	1 year 1 day
cfl.dropboxstatic.com	6/24/2026	6/25/2027	1 year 1 day

HTTP Header

An HTTP header is a component of an HTTP request or response that contains additional information about the message being sent or received.

Name	Value
Alt-Svc	h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control	no-cache, no-store
Content-Encoding	gzip
Content-Security-Policy	base-uri 'self'; child-src https://www.dropbox.com/static/serviceworker/ blob:; connect-src https://* ws://127.0.0.1:/ws blob: wss://dsimports.dropbox.com/; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://.dropboxusercontent.com/p/hls_master_playlist/ https://.dropboxusercontent.com/p/hls_playlist/; font-src 'self' data: https://; form-action https://.purple.officeapps.live-int.com https://officeapps-df.live.com https://.officeapps-df.live.com https://officeapps.live.com https://.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker https://.sharepoint.com/; frame-ancestors 'self' https://.dropbox.com; frame-src https:// dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: blob:; img-src https://* data: blob:; media-src https://* blob:; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://edge-live.dropboxstatic.com/static/; report-to csp-metaserver-whitelist; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://edge-live.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://www.paypal.com/sdk/js https://applepay.cdn-apple.com https://snippet.meticulous.ai/record/ https://edge.cofra.me/cf-static-97646a4fe3e6.js 'nonce-ra9UL0deye4Sh+876NYuylSRKCo='; style-src https://* 'unsafe-inline' 'unsafe-eval'; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: report-to csp-metaserver-dynamic; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-ra9UL0deye4Sh+876NYuylSRKCo=' 'nonce-3w7+jxZgQTGPPG+HyTyhdTbpFlY='
Content-Type	text/html; charset=utf-8
Cross-Origin-Opener-Policy	same-origin-allow-popups
Date	Thu, 25 Jun 2026 17:18:31 GMT
Pragma	no-cache
Referrer-Policy	strict-origin-when-cross-origin
Reporting-Endpoints	coop-dws2="https://www.dropbox.com/csp_log?policy_name=coop-dws2", max_age=10886400, csp-metaserver-whitelist="https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist", max_age=10886400, csp-metaserver-dynamic="https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic", max_age=10886400
Server	envoy
Strict-Transport-Security	max-age=31536000; includeSubDomains
Transfer-Encoding	chunked
Vary	Accept-Encoding
X-Content-Type-Options	nosniff
X-Dropbox-Request-Id	69b80e1712c94007961ebe346a3d62e7
X-Dropbox-Response-Origin	far_remote
X-Permitted-Cross-Domain-Policies	none
X-Robots-Tag	noindex, nofollow, noimageindex
X-Xss-Protection	1; mode=block

Content Security Policy

Content Security Policy (CSP) is a security mechanism that helps prevent cross-site scripting (XSS) and other code injection attacks by specifying which content sources are allowed to be loaded on a web page.

Name	Value

Cookies

Cookies are small pieces of data stored on a user's web browser to track and remember information about their browsing activity on a website.

Name	Value	Domain/Path	Expires	Secure	HTTP Only
gvc	MTIwMjI3OTM3NTA5NDA1Mzk5MTkyNjk2Nzk4NDIyODQ3OTgyNTUz	www.dropbox.com/	7/30/2027, 5:18:31 PM	yes	yes
t	0Q7cCCIfxeG4U3zAY7d_i9I5	.dropbox.com/	6/25/2027, 5:18:31 PM	yes	yes
__Host-js_csrf	0Q7cCCIfxeG4U3zAY7d_i9I5	www.dropbox.com/	6/25/2027, 5:18:31 PM	yes	no
__Host-ss	TsoUkMm7JQ	www.dropbox.com/	6/25/2027, 5:18:31 PM	yes	yes
locale	en	.dropbox.com/	7/30/2027, 5:18:31 PM	no	no

URL Scan Results for the page [Dropbox](https://www.dropbox.com/scl/fi/0fapir5gdzoftbx7a2ma9/Untitled.paper?rlkey=gqb1lxj60prs0vhlb13cohh30&st=mxeyztab&dl=0)

URL basic Information and screenshot