Summary
A Concise Overview of the scan result of url https://preferences.hubspot.com/
- Document
- HTML
- 3
- StyleSheets
- 2
- Scripts
- 2
- Font
- 0
- Images
- 1
- Links
- 0
- JavaScript Variables
- 12
- Console log messages
- 0
- Network
- Requests
- 11
- Bytes Transferred
- 2.52MB
- Bytes Total
- 8.18MB
- DNS Record
- CNAME Record
- 2
- A Record
- 4
- Technology
- Programming languages
- 1
- Web frameworks
- 1
- PaaS
- 1
- Web servers
- 1
- Reverse proxies
- 1
- Security
- 2
- CDN
- 2
Document
Links
The outgoing links identified from the page.
| Link | Text |
|---|
JavaScript Variables
Global JavaScript variables are variables that are defined outside of any function or block scope in JavaScript.
eventundefinedonbeforetoggleobjectfenceobjectsharedStorageobjectdocumentPictureInPictureobjectfetchLaterfunctiononpageswapobjectonpagerevealobjectmodelobjectonscrollendobjectwebpackChunkdgappobject_function
Technology
The technologies identified are present on the scanned URL.
| Name | Description | Detected patterns |
|---|---|---|
| Security | ||
hCaptcha | hCaptcha is an anti-bot solution that protects user privacy and rewards websites. | Type: headers Name: content-security-policy Regex: (?:\.|\/\/)hcaptcha\.com |
| HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS. | Type: headers Name: strict-transport-security Regex: (?:) | |
| Web frameworks | ||
Ruby on Rails | Ruby on Rails is a server-side web application framework written in Ruby under the MIT License. | Type: meta Regex: ^authenticity_token$ |
| Web servers | ||
Nginx | Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. | Type: headers Name: server Regex: nginx(?:\/([\d.]{1,250}))? |
| Programming languages | ||
| Ruby is an open-source object-oriented programming language. | Dependent on Ruby on Rails | |
| CDN | ||
 Amazon S3 | Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface. | Type: headers Name: server Regex: s3[^ ]{0,250}amazonaws\.com |
 Amazon CloudFront | Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds. | Type: headers Name: x-amz-cf-id Regex: \(CloudFront\)$ |
| PaaS | ||
 Amazon Web Services | Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality. | Dependent on Amazon CloudFront,Amazon S3 |
| Reverse proxies | ||
Nginx | Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. | Type: headers Name: server Regex: nginx(?:\/([\d.]{1,250}))? |
Performance
The speed and efficiency of the scanned URL loads and displays its content.
- dns
- 1 msGood
- tcp
- 1 msGood
- requestTime
- 1 msGood
- dom
- 5 msGood
DNS Record
A DNS record maps a domain name to an IP address or other resource information.
| Type | Name | Content | DNSSEC |
|---|---|---|---|
| CNAME | preferences.hubspot.com | hubspot.datagrail.io. | no |
| A | hubspot.datagrail.io | 3.173.161.125 | no |
| A | hubspot.datagrail.io | 3.173.161.47 | no |
| A | hubspot.datagrail.io | 3.173.161.103 | no |
| A | hubspot.datagrail.io | 3.173.161.122 | no |
| CNAME | preferences.hubspot.com | hubspot.datagrail.io. | no |
SSL Certificate
An SSL certificate is a digital certificate that verifies the authenticity and encrypts the communication between a website and its visitors.
| Subject | Issue date | Expiry date | Valid |
|---|---|---|---|
d5rjk704.na1.hubspotlinks.com | 4/21/2026 | 4/22/2027 | 1 year 1 day |
preferences.hubspot.com | 4/21/2026 | 4/22/2027 | 1 year 1 day |
fonts.googleapis.com | 4/21/2026 | 4/22/2027 | 1 year 1 day |
assets-production.datagrail.io | 4/21/2026 | 4/22/2027 | 1 year 1 day |
HTTP Headers
HTTP Header
An HTTP header is a component of an HTTP request or response that contains additional information about the message being sent or received.
| Name | Value |
|---|---|
| Cache-Control | max-age=0, private, must-revalidate no-store, no-cache, max-age=0 |
| Connection | keep-alive |
| Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6311385643745280.storage.googleapis.com https://data.pendo.io https://use.typekit.net https://apis.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://hcaptcha.com https://*.hcaptcha.com https://app.pendo.io https://cdn.pendo.io https://pendo-static-6311385643745280.storage.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' https://*.datagrail.io https://hcaptcha.com https://assets-cyera-prod.privacy.cyera.io https://assets-cyera-stage.privacy-staging.cyera.io https://assets-cyera-stage-prototype.privacy-staging-prototype.cyera.io https://cdn.pendo.io https://app.pendo.io https://pendo-static-6311385643745280.storage.googleapis.com https://data.pendo.io https://static.intercomassets.com data:; connect-src 'self' https://hcaptcha.com https://app.pendo.io https://data.pendo.io https://pendo-static-6311385643745280.storage.googleapis.com https://api.feedback.us.pendo.io https://sentry.io https://datagrail-quarantine-production.s3.us-west-2.amazonaws.com https://datagrail-quarantine-development.s3.us-west-2.amazonaws.com https://datagrail-quarantine-staging.s3.us-west-2.amazonaws.com https://datagrail-public-assets.s3.us-west-2.amazonaws.com https://datagrail-public-assets.s3.us-west-1.amazonaws.com; font-src 'self' https://assets-production.datagrail.io https://assets-staging.datagrail.io https://assets-cyera-prod.privacy.cyera.io https://assets-cyera-stage.privacy-staging.cyera.io https://assets-cyera-stage-prototype.privacy-staging-prototype.cyera.io https://fonts.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com data:; object-src 'none'; media-src 'self'; frame-src 'self' https://newassets.hcaptcha.com https://app.pendo.io https://feedback.us.pendo.io https://portal.feedback.us.pendo.io; base-uri 'self'; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; report-uri /_csp; |
| Content-Type | text/html; charset=utf-8 |
| Date | Wed, 22 Apr 2026 08:39:54 GMT |
| Pragma | no-cache |
| Referrer-Policy | strict-origin-when-cross-origin strict-origin-when-cross-origin |
| Server | nginx |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| Transfer-Encoding | chunked |
| Via | 1.1 051978243ac5822109d997f930efdd48.cloudfront.net (CloudFront) |
| X-Amz-Cf-Id | ezGPgYAOTdaHQn29ZhYhL79W5uPzxYyoJTF92cteoquXyEj6EB6aSA== |
| X-Amz-Cf-Pop | DEN53-P5 |
| X-Cache | Miss from cloudfront |
| X-Content-Type-Options | nosniff |
| X-Download-Options | noopen |
| X-Frame-Options | SAMEORIGIN deny |
| X-Permitted-Cross-Domain-Policies | none |
| X-Request-Id | 4b13d5cc-3c7e-4c2b-8aa1-5acd4e9eefa4 |
| X-XSS-Protection | 0 |
Content Security Policy
Content Security Policy (CSP) is a security mechanism that helps prevent cross-site scripting (XSS) and other code injection attacks by specifying which content sources are allowed to be loaded on a web page.
| Name | Value |
|---|
Cookies
Cookies are small pieces of data stored on a user's web browser to track and remember information about their browsing activity on a website.
| Name | Value | Domain/Path | Expires | Secure | HTTP Only |
|---|---|---|---|---|---|
| _dg_app_session | [_dg_app_session redacted] | preferences.hubspot.com/ | 4/22/2026, 8:39:54 PM | yes | yes |