Summary
A Concise Overview of the scan result of url https://www.instagram.com/0taku_vault?igsh=eWNjZWhwMG5iZXFu
- Document
- HTML
- 1
- StyleSheets
- 2
- Scripts
- 11
- Font
- 0
- Images
- 1
- Links
- 0
- JavaScript Variables
- 32
- Console log messages
- 0
- Network
- Requests
- 15
- Bytes Transferred
- 155.56KB
- Bytes Total
- 892.38KB
- DNS Record
- CNAME Record
- 2
- A Record
- 1
- AAAA Record
- 1
- Technology
- JavaScript frameworks
- 1
- Security
- 1
- Miscellaneous
- 1
Document
Links
The outgoing links identified from the page.
| Link | Text |
|---|
JavaScript Variables
Global JavaScript variables are variables that are defined outside of any function or block scope in JavaScript.
eventundefinedonbeforetoggleobjectfenceobjectsharedStorageobjectdocumentPictureInPictureobjectfetchLaterfunctiononpageswapobjectonpagerevealobjectmodelobjectonscrollendobjectdataElementobjectcopyVariablesfunctionvariablesobjectEnvobject__annotatorfunction__d_stubobject__dfunction__rl_stubobjectrequireLazyfunction_btldrobject_nowInlfunction_qplInlobjectparamsobjecturistringevent_idstringscript_pathstringweightnumberfb_dtsgobjectlsdstringmarkfunctionstartnumberpobject
Technology
The technologies identified are present on the scanned URL.
| Name | Description | Detected patterns |
|---|---|---|
| JavaScript frameworks | ||
| RxJS is a reactive library used to implement reactive programming to deal with async implementation, callbacks, and event-based programs. | Type: scriptSrc Regex: rx(?:\.\w{1,250})?(?:\.compat|\.global)?(?:\.min)?\.js | |
| Security | ||
| HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS. | Type: headers Name: strict-transport-security Regex: (?:) | |
| Miscellaneous | ||
HTTP/3 | HTTP/3 is the third major version of the Hypertext Transfer Protocol used to exchange information on the World Wide Web. | Type: headers Name: alt-svc Regex: h3 |
Performance
The speed and efficiency of the scanned URL loads and displays its content.
- dns
- 1 msGood
- tcp
- 1 msGood
- requestTime
- 229 msGood
- dom
- 267 msGood
DNS Record
A DNS record maps a domain name to an IP address or other resource information.
| Type | Name | Content | DNSSEC |
|---|---|---|---|
| CNAME | www.instagram.com | z-p42-instagram.c10r.instagram.com. | no |
| A | z-p42-instagram.c10r.instagram.com | 57.144.238.34 | no |
| CNAME | www.instagram.com | z-p42-instagram.c10r.instagram.com. | no |
| AAAA | z-p42-instagram.c10r.instagram.com | 2a03:2880:f378:22:face:b00c:0:4420 | no |
SSL Certificate
An SSL certificate is a digital certificate that verifies the authenticity and encrypts the communication between a website and its visitors.
| Subject | Issue date | Expiry date | Valid |
|---|---|---|---|
www.instagram.com | 4/28/2026 | 4/29/2027 | 1 year 1 day |
static.cdninstagram.com | 4/28/2026 | 4/29/2027 | 1 year 1 day |
HTTP Headers
HTTP Header
An HTTP header is a component of an HTTP request or response that contains additional information about the message being sent or received.
| Name | Value |
|---|---|
| Alt-Svc | h3=":443"; ma=86400 |
| Cache-Control | private, no-cache, no-store, must-revalidate |
| Connection | keep-alive |
| Content-Encoding | zstd |
| Content-Type | text/html; charset="utf-8" |
| Date | Wed, 29 Apr 2026 10:43:43 GMT |
| Expires | Sat, 01 Jan 2000 00:00:00 GMT |
| Pragma | no-cache |
| Strict-Transport-Security | max-age=31536000; preload; includeSubDomains |
| Transfer-Encoding | chunked |
| Vary | Accept-Encoding |
| X-Content-Type-Options | nosniff |
| X-FB-Connection-Quality | EXCELLENT; q=0.9, rtt=6, rtx=0, c=14, mss=1368, tbw=3714, tp=-1, tpl=-1, uplat=250, ullat=0 |
| X-FB-Debug | NTNLNdKA6feKTgytwa0gyUTQLOMMFiG2aJQ4FDDGLxVUtC80K7nOfPBOSVGfY72Ow+X+sLeY5nKBFZoioXxoQQ== |
| X-Frame-Options | DENY |
| X-XSS-Protection | 0 |
| accept-ch | viewport-width,dpr,Sec-CH-Prefers-Color-Scheme,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model |
| accept-ch-lifetime | 4838400 |
| content-security-policy | default-src *.facebook.com *.fbcdn.net *.instagram.com blob: 'wasm-unsafe-eval';script-src *.instagram.com static.cdninstagram.com z-p42-static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-KqpjJQJI' blob: 'self' 'wasm-unsafe-eval' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.instagram.com static.cdninstagram.com z-p42-static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com https://accounts.google.com;connect-src *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://accounts.google.com https://meta.privacy-gateway.cloudflare.com/relay;font-src *.instagram.com static.cdninstagram.com z-p42-static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com *.tenor.co *.tenor.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com *.fbsbx.com data: blob: https://*.giphy.com *.tenor.co *.tenor.com;child-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;manifest-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;object-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;block-all-mixed-content;upgrade-insecure-requests; |
| cross-origin-opener-policy | same-origin-allow-popups |
| cross-origin-resource-policy | same-origin |
| document-policy | force-load-at-top include-js-call-stacks-in-crash-reports |
| origin-agent-cluster | ?1 |
| origin-trial | ArDvqjFKr1fHThlSM8Kkp74sxlOCFTeqYJMXCGqCG/VJmcYlO/0UavmpqPDit2KppDf1THInNpwA36GmtgPOug8AAAB2eyJvcmlnaW4iOiJodHRwczovL3d3dy5pbnN0YWdyYW0uY29tOjQ0MyIsImZlYXR1cmUiOiJDcmFzaFJlcG9ydGluZ1N0b3JhZ2VBUEkiLCJleHBpcnkiOjE3NzY3Mjk2MDAsImlzU3ViZG9tYWluIjp0cnVlfQ== |
| permissions-policy | accelerometer=(self), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(self), gyroscope=(self), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(self), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self "https://*.facebook.com" "https://facebook.com"), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" |
| report-to | {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.instagram.com\/error\/ig_web_error_reports\/?device_level=unknown&brsid=7634130092347419518&comet_app_key=7&cpp=C3&cv=1038392814&st=1777459423549"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.instagram.com\/error\/ig_web_error_reports\/"}],"group":"permissions_policy"} |
| reporting-endpoints | coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.instagram.com/error/ig_web_error_reports/?device_level=unknown&brsid=7634130092347419518&comet_app_key=7&cpp=C3&cv=1038392814&st=1777459423549", permissions_policy="https://www.instagram.com/error/ig_web_error_reports/" |
| x-stack | www |
Content Security Policy
Content Security Policy (CSP) is a security mechanism that helps prevent cross-site scripting (XSS) and other code injection attacks by specifying which content sources are allowed to be loaded on a web page.
| Name | Value |
|---|---|
| default-src | *.facebook.com*.fbcdn.net*.instagram.comblob:'wasm-unsafe-eval';script-src*.instagram.comstatic.cdninstagram.comz-p42-static.cdninstagram.com*.facebook.com*.fbcdn.net*.facebook.net127.0.0.1:*'nonce-KqpjJQJI'blob:'self''wasm-unsafe-eval'https://*.google-analytics.comhttps://translate.google.comhttps://apis.google.comhttps://accounts.google.com;style-src*.instagram.comstatic.cdninstagram.comz-p42-static.cdninstagram.comdata:blob:'unsafe-inline'*.fbcdn.net*.facebook.comhttps://accounts.google.com;connect-src*.instagram.comwss://edge-chat.instagram.comconnect.facebook.net*.facebook.comfacebook.com*.fbcdn.net*.facebook.netwss://*.facebook.com:*ws://localhost:*blob:*.cdninstagram.comwss://*.instagram.com:*'self'https://accounts.google.comhttps://meta.privacy-gateway.cloudflare.com/relay;font-src*.instagram.comstatic.cdninstagram.comz-p42-static.cdninstagram.comdata:*.fbcdn.net*.intern.facebook.com*.facebook.comhttps://fonts.gstatic.com;img-src*.instagram.com*.facebook.com*.fbcdn.netdata:*.cdninstagram.com*.whatsapp.netblob:*.fbsbx.comandroid-webview-video-poster:*.oculuscdn.com*.giphy.com*.tenor.co*.tenor.comwww.googleadservices.com*.doubleclick.net*.google.com*.google.co.ukhttps://www.gstatic.comhttps://*.google-analytics.com;media-src*.facebook.com*.fbcdn.net*.instagram.com*.cdninstagram.com*.fbsbx.comdata:blob:https://*.giphy.com*.tenor.co*.tenor.com;child-src*.facebook.com*.fbcdn.net*.instagram.comdata:blob:;frame-src*.instagram.com*.facebook.com*.fbsbx.comfbsbx.comdata:www.googleadservices.com*.doubleclick.net*.google.com*.google.co.uk;manifest-src*.facebook.com*.fbcdn.net*.instagram.comdata:blob:;object-src*.facebook.com*.fbcdn.net*.instagram.comdata:blob:;block-all-mixed-content;upgrade-insecure-requests |
Cookies
Cookies are small pieces of data stored on a user's web browser to track and remember information about their browsing activity on a website.
| Name | Value | Domain/Path | Expires | Secure | HTTP Only |
|---|---|---|---|---|---|
| csrftoken | [csrftoken redacted] | .instagram.com/ | 6/3/2027, 10:43:43 AM | yes | no |
| datr | 3-DxaeC32tFfN2mEu184eqdv | .instagram.com/ | 6/3/2027, 10:43:43 AM | yes | yes |
| ig_did | 406AE76A-62DB-4D7B-AC48-AD4B893E80E1 | .instagram.com/ | 4/29/2027, 10:43:43 AM | yes | yes |