Summary
A Concise Overview of the scan result of url https://www.tiktok.com/@user373405636/video/7431960013112921345?_t=8r19XGJ2qlD&_r=1
- Document
- HTML
- 2
- StyleSheets
- 5
- Scripts
- 127
- Font
- 6
- Images
- 9
- Links
- 0
- JavaScript Variables
- 39
- Console log messages
- 0
- Network
- Requests
- 235
- Bytes Transferred
- 5.31MB
- Bytes Total
- 15.16MB
- DNS Record
- CNAME Record
- 4
- A Record
- 9
- Technology
- PaaS
- 1
- Payment processors
- 1
- Security
- 2
- CDN
- 1
Document
Links
The outgoing links identified from the page.
Link | Text |
---|
JavaScript Variables
Global JavaScript variables are variables that are defined outside of any function or block scope in JavaScript.
Technology
The technologies identified are present on the scanned URL.
Name | Description | Detected patterns |
---|---|---|
Security | ||
hCaptcha | hCaptcha is an anti-bot solution that protects user privacy and rewards websites. | Type: headers Name: content-security-policy Regex: (?:\.|\/\/)hcaptcha\.com |
HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS. | Type: headers Name: strict-transport-security Regex: (?:) | |
CDN | ||
Amazon S3 | Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface. | Type: headers Name: server Regex: s3[^ ]{0,250}\.amazonaws\.com |
Payment processors | ||
PayPal | PayPal is an online payments system that supports online money transfers and serves as an electronic alternative to traditional paper methods like checks and money orders. | Type: headers Name: content-security-policy Regex: \.paypal\.com |
PaaS | ||
Amazon Web Services | Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality. | Dependent on Amazon S3 |
Performance
The speed and efficiency of the scanned URL loads and displays its content.
- dns
- 1 msGood
- tcp
- 1 msGood
- requestTime
- 144 msGood
- dom
- 1240 msPoor
DNS Record
A DNS record maps a domain name to an IP address or other resource information.
Type | Name | Content | DNSSEC |
---|---|---|---|
CNAME | www.tiktok.com | www.tiktok.com.edgesuite.net. | no |
CNAME | www.tiktok.com.edgesuite.net | a2047.api10.akamai.net. | no |
A | a2047.api10.akamai.net | 104.117.244.16 | no |
A | a2047.api10.akamai.net | 104.117.244.48 | no |
A | a2047.api10.akamai.net | 104.117.244.32 | no |
A | a2047.api10.akamai.net | 104.117.244.17 | no |
A | a2047.api10.akamai.net | 104.117.244.27 | no |
A | a2047.api10.akamai.net | 104.117.244.50 | no |
A | a2047.api10.akamai.net | 104.117.244.41 | no |
A | a2047.api10.akamai.net | 104.117.244.10 | no |
A | a2047.api10.akamai.net | 104.117.244.42 | no |
CNAME | www.tiktok.com | www.tiktok.com.edgesuite.net. | no |
CNAME | www.tiktok.com.edgesuite.net | a2047.api10.akamai.net. | no |
SSL Certificate
An SSL certificate is a digital certificate that verifies the authenticity and encrypts the communication between a website and its visitors.
Subject | Issue date | Expiry date | Valid |
---|---|---|---|
*.www.tiktok.com RapidSSL ECC CA 2018 | 11/9/2023 | 12/9/2024 | 1 year 1 month 1 day |
*.neutral.ttwstatic.com RapidSSL TLS RSA CA G1 | 7/2/2024 | 7/1/2025 | 12 months 4 days |
*.tiktokv.com RapidSSL TLS RSA CA G1 | 8/20/2024 | 9/20/2025 | 1 year 1 month 1 day |
1562951790.rsc.cdn77.org E6 | 9/15/2024 | 12/14/2024 | 2 months 29 days |
*.tiktokw.eu RapidSSL TLS ECC CA G1 | 8/13/2024 | 9/13/2025 | 1 year 1 month 1 day |
*.tiktok.com RapidSSL TLS ECC CA G1 | 7/15/2024 | 7/15/2025 | 1 year |
*.ibyteimg.com RapidSSL ECC CA 2018 | 3/15/2024 | 4/15/2025 | 1 year 1 month 1 day |
*.tiktokv.eu RapidSSL TLS ECC CA G1 | 8/5/2024 | 9/5/2025 | 1 year 1 month 1 day |
HTTP Headers
HTTP Header
An HTTP header is a component of an HTTP request or response that contains additional information about the message being sent or received.
Name | Value |
---|---|
cache-control | max-age=0, no-cache, no-store |
content-encoding | br |
content-security-policy | script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src https: blob:; frame-ancestors tea-va.bytedance.net www.tiktok.com; connect-src * 'unsafe-inline' blob: data:; report-uri https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=90e6d773-21ae-42ab-8c71-39270905f535; upgrade-insecure-requests ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsco.re *.adsintegrity.net *.akamaized.net *.amazonaws.com *.bing.com *.bitssec.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ae *.google.at *.google.be *.google.bg *.google.bj *.google.by *.google.ca *.google.ch *.google.co.cr *.google.co.id *.google.co.il *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.br *.google.com.cy *.google.com.do *.google.com.ec *.google.com.gh *.google.com.lb *.google.com.mt *.google.com.my *.google.com.ng *.google.com.pe *.google.com.pk *.google.com.sa *.google.com.sg *.google.com.tr *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.iq *.google.is *.google.it *.google.lt *.google.lu *.google.lv *.google.md *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.td *.google.tn *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; report-to csp-endpoint |
content-type | text/html; charset=utf-8 |
date | Fri, 01 Nov 2024 01:14:38 GMT |
expires | Fri, 01 Nov 2024 01:14:38 GMT |
feature-policy | microphone 'none'; geolocation 'none' |
pragma | no-cache |
referrer-policy | strict-origin-when-cross-origin |
reporting-endpoints | csp-endpoint="https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns" |
server | TLB |
server-timing | cdn-cache; desc=MISS, edge; dur=299, origin; dur=239 inner; dur=234 |
strict-transport-security | max-age=31536000; includeSubdomains |
x-akamai-request-id | 68bef9d.1622ae69 |
x-bytefaas-execution-duration | 231.85 |
x-bytefaas-request-id | 20241101011437405688EA32263C5CD421 |
x-cache | TCP_MISS from a2-16-8-174.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-02978ab5588da6405be9084889a03f78) (-) |
x-cache-remote | TCP_MISS from a23-46-15-20.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-02978ab5588da6405be9084889a03f78) (-) |
x-content-type-options | nosniff |
x-download-options | noopen |
x-frame-options | SAMEORIGIN |
x-gw-dst-psm | serverless.tiktok.desktop |
x-ms-token | wb9YASPdXdoARLBHWCjEFrKyNMZ48HUZkOK9Bc47m2G2HmaY0al43HUt2az3_srR7e4KJJa5KVskkmVkG33bGXylTA952MFsGnObN2YIXQ_EcUh0Dfm6ZgPINUNI |
x-origin-response-time | 239,23.46.15.20 |
x-parent-response-time | 538,2.16.8.174 |
x-powered-by | Goofy Node |
x-pumbaa-web-avail | 1 |
x-tt-logid | 20241101011437405688EA32263C5CD421 |
x-tt-trace-host | 01c1b89488b8df09bff45cb197d3635ad24c84f4c35aa568e16d7a23577b60492dda6c9dcf28324aacc269dac5e0f6e24cf341a6e3af3529d878ebe2e453d2188914aff3d2258935ed75aa056d4a67b9847c53010c2e358636037a85e79ed82b2786ccfaf144934b1ba0ecd573fb19196f |
x-tt-trace-id | 00-241101011437405688EA32263C5CD421-476B2C783FC62582-00 |
x-tt-trace-tag | id=16;cdn-cache=miss;type=dyn |
x-xss-protection | 1; mode=block |
Content Security Policy
Content Security Policy (CSP) is a security mechanism that helps prevent cross-site scripting (XSS) and other code injection attacks by specifying which content sources are allowed to be loaded on a web page.
Name | Value |
---|---|
script-src | 'unsafe-eval'sf16-website-login.neutral.ttwstatic.coms20.tiktokcdn.com*.tiktokcdn-us.comwww.google.comrecaptcha.google.comjs.hcaptcha.comclient-api.arkoselabs.comwww.gstatic.comconnect.facebook.net |
frame-src | *.tiktok.comaccounts.google.comwww.google.comrecaptcha.google.comwww.facebook.com*.kakao.comlf16-web.tiktokcdn.comassets.braintreegateway.comappleid.apple.comaccess.line.meapi.twitter.comh.online-metrix.netbytedance:newassets.hcaptcha.comclient-api.arkoselabs.com |
worker-src | https:blob: |
frame-ancestors | tea-va.bytedance.netwww.tiktok.com |
connect-src | *'unsafe-inline'blob:data: |
report-uri | https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=90e6d773-21ae-42ab-8c71-39270905f535 |
upgrade-insecure-requests | |
default-src | 'self''unsafe-eval''unsafe-inline'blob:bytedance:data:wss://*.tiktok.comwss://*.tiktokv.comwss://*.tiktokv.euwss://tiktok.comwss://tiktokv.com*.adsco.re*.adsintegrity.net*.akamaized.net*.amazonaws.com*.bing.com*.bitssec.com*.bytedapm.com*.bytedgame.com*.bytehwm-row.com*.byteicdn.com*.byteintl.com*.byteintl.net*.byteintlapi.com*.byteintlstatic.com*.bytelemon.com*.byteoversea.com*.byteoversea.net*.bytevcloudapi.com*.capcut.com*.cloudflare.com*.ctfassets.net*.doubleclick.net*.evbuc.com*.eventim.de*.facebook.com*.facebook.net*.fbsbx.com*.fcdnstatic-intl.com*.fdmstatic.com*.g-p-static.com*.gauthmath.com*.goofy-cdn.com*.goofy.app*.google-analytics.com*.google.ae*.google.at*.google.be*.google.bg*.google.bj*.google.by*.google.ca*.google.ch*.google.co.cr*.google.co.id*.google.co.il*.google.co.jp*.google.co.kr*.google.co.ma*.google.co.nz*.google.co.uk*.google.co.za*.google.com*.google.com.ar*.google.com.au*.google.com.bd*.google.com.br*.google.com.cy*.google.com.do*.google.com.ec*.google.com.gh*.google.com.lb*.google.com.mt*.google.com.my*.google.com.ng*.google.com.pe*.google.com.pk*.google.com.sa*.google.com.sg*.google.com.tr*.google.cz*.google.de*.google.dk*.google.dz*.google.ee*.google.es*.google.fi*.google.fr*.google.gr*.google.hr*.google.hu*.google.ie*.google.iq*.google.is*.google.it*.google.lt*.google.lu*.google.lv*.google.md*.google.nl*.google.no*.google.pl*.google.ps*.google.pt*.google.ro*.google.rs*.google.se*.google.si*.google.sk*.google.td*.google.tn*.googleapis.com*.googletagmanager.com*.gstatic.com*.hsforms.com*.hsforms.net*.ibytedtos.com*.ibyteimg.com*.isnssdk.com*.jumio.ai*.kakao.com*.lemon8-app.com*.lemon8cdn.com*.licdn.com*.linkedin.com*.midtrans.com*.muscdn.com*.musical.ly*.oecstatic.com*.omise.co*.pangle-ads.com*.paypal.com*.pipopay.com*.redditstatic.com*.resso.me*.sgsnssdk.com*.soundon.global*.tableau.com*.tiktok-row.net*.tiktok.com*.tiktok.ru*.tiktok.vn*.tiktokapis.com*.tiktokcdn-eu.com*.tiktokcdn-in.com*.tiktokcdn-us.com*.tiktokcdn.com*.tiktokcreativeone.com*.tiktokforbusinessoutbound.com*.tiktokglobalshop.com*.tiktokmusic.me*.tiktokshop.com*.tiktokstaticb.com*.tiktokus.info*.tiktokv.com*.tiktokv.eu*.tiktokv.us*.tiktokw.eu*.tiktokw.us*.topbuzzcdn.com*.ttlivecdn.com*.ttlstatic.com*.ttwstatic.com*.vimeo.com*.vodupload.com*.yahoo.co.jp*.yhgfb-static.com*.youtube-nocookie.com*.zhiliaoapp.comcode.jquery.comfacebook.comgoogle.comi.ticketweb.comimages.universe.commedia.ticketmaster.eures.cloudinary.coms1.ticketm.netstatic-label.frontgatetickets.comt.cotikitoks.comtiktok.comtiktok.uatiktok.vntiktokfollowersfree.comtiktokv.comunpkg.comvimeo.com |
report-to | csp-endpoin |
Cookies
Cookies are small pieces of data stored on a user's web browser to track and remember information about their browsing activity on a website.
Name | Value | Domain/Path | Expires | Secure | HTTP Only |
---|---|---|---|---|---|
tt_csrf_token | [tt_csrf_token redacted] | .tiktok.com/ | 12/31/1969, 11:59:59 PM | yes | yes |
tt_chain_token | [tt_chain_token redacted] | .tiktok.com/ | 4/30/2025, 1:14:38 AM | yes | yes |
msToken | [msToken redacted] | .tiktok.com/ | 11/11/2024, 1:14:38 AM | yes | no |
ak_bmsc | FD342E93336FFD43FBA86126A6DA80EB~000000000000000000000000000000~YAAQrggQAile99+SAQAAI+dJ5Rn2ZPu7z1xiVAQDyORvTWQPyNtqipH7Uy4G/8IpOSyHJ2MEkMSkcC7gAf2/ly6lkIEEyHg+EtDNO5cV9g2OgXcD5Tl0kCgPY8qj6HzuB9xkqvSFW8p3ynembYswwsGUWKJWESg8wcyzaGk+ljtTVIVL2UFWoptxba1j72gjTbFtmSN/z9Nieqq+j2ohf5yUdcNvIc5h3dQn0eRkJCxLKconZORjDQCdmUg4/hL0YDR+dqTcKr2jo/W9QzKWZiRxZ4fMMEpkJlTHFUu+AfR4GqjqpQ9/Lpm4BW+fE+OkjqAC1vGZ4Rt1buyXbhG2PZhHNF3I8mwiZINbLKGWGytjdwnnxRcjzMETODZjvsqn42lYqEMjCpuoZA== | .tiktok.com/ | 11/1/2024, 3:14:38 AM | no | no |
tiktok_webapp_theme_source | auto | .www.tiktok.com/ | 8/28/2025, 1:14:40 AM | yes | no |
tiktok_webapp_theme | dark | .www.tiktok.com/ | 8/28/2025, 1:14:40 AM | yes | no |
ttwid | 1%7C9bmmtpVWv0xhht1zAf1y3snQC9_EGOkN3ygtQSdRN24%7C1730423680%7Cc1ac65756a5fb7ca9af600995e05dafa2d969a652a6b91cfe05a2a78253959c9 | .tiktok.com/ | 11/1/2025, 1:14:40 AM | yes | yes |
delay_guest_mode_vid | 8 | .www.tiktok.com/ | 8/28/2025, 1:14:40 AM | yes | no |