URL Scan Results for https://www.dropbox.com/l/AAA03pTebu2w4R-SyEPN5vHLk7k2-fpeHGU

Summary

A Concise Overview of the scan result of url https://www.dropbox.com/l/AAA03pTebu2w4R-SyEPN5vHLk7k2-fpeHGU

Document
HTML
1
StyleSheets
0
Scripts
0
Font
0
Images
1
Links
0
JavaScript Variables
2
Console log messages
0
Network
Requests
2
Bytes Transferred
3.65KB
Bytes Total
1.82KB

DNS Record
CNAME Record
2
A Record
1
AAAA Record
1
Technology
Issue trackers
1
Reverse proxies
1
Security
1
SSL/TLS certificate authorities
1

Links

The outgoing links identified from the page.

Link	Text

JavaScript Variables

Global JavaScript variables are variables that are defined outside of any function or block scope in JavaScript.

onbeforetogglestringonscrollendstring

Technology

The technologies identified are present on the scanned URL.

Name	Description	Detected patterns
Issue trackers
Canny https://canny.io	Canny is a cloud-based solution that helps small to large businesses collect, analyse, prioritise and track user feedback to make informed product decisions.	Type: headers Name: content-security-policy Regex: \/\/canny\.io
Security
HSTS https://www.rfc-editor.org/rfc/rfc6797#section-6.1	HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.	Type: headers Name: strict-transport-security Regex: (?:)
Reverse proxies
Envoy https://www.envoyproxy.io/	Envoy is an open-source edge and service proxy, designed for cloud-native applications.	Type: headers Name: server Regex: ^envoy$
SSL/TLS certificate authorities
DigiCert https://www.digicert.com/		Type: certIssuer Regex: DigiCert

DNS Record

A DNS record maps a domain name to an IP address or other resource information.

Type	Name	Content	DNSSEC
CNAME	www.dropbox.com	www-env.dropbox-dns.com.	no
A	www-env.dropbox-dns.com	162.125.6.18	no
CNAME	www.dropbox.com	www-env.dropbox-dns.com.	no
AAAA	www-env.dropbox-dns.com	2620:100:601c:18::a27d:612	no

SSL Certificate

An SSL certificate is a digital certificate that verifies the authenticity and encrypts the communication between a website and its visitors.

Subject	Issue date	Expiry date	Valid
*.dropbox.com DigiCert TLS RSA SHA256 2020 CA1	10/31/2023	11/30/2024	1 year 1 month 1 day

HTTP Header

An HTTP header is a component of an HTTP request or response that contains additional information about the message being sent or received.

Name	Value
cache-control	no-cache, no-store
content-length	631
content-security-policy	base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:/ws wss://dsimports.dropbox.com/ ; default-src 'none' ; font-src https:// data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js blob:
content-type	image/jpeg
date	Thu, 16 May 2024 20:00:52 GMT
referrer-policy	strict-origin-when-cross-origin
server	envoy
strict-transport-security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
x-content-type-options	nosniff
x-dropbox-request-id	2409b16ea9b94d3487db37bd2056eace
x-dropbox-response-origin	far_remote
x-frame-options	SAMEORIGIN
x-permitted-cross-domain-policies	none
x-robots-tag	noindex, nofollow, noimageindex
x-server-response-time	233
x-xss-protection	1; mode=block

Content Security Policy

Content Security Policy (CSP) is a security mechanism that helps prevent cross-site scripting (XSS) and other code injection attacks by specifying which content sources are allowed to be loaded on a web page.

Name	Value
base-uri	'self'
child-src	https://www.dropbox.com/static/serviceworker/blob:
connect-src	https://ws://127.0.0.1:/wswss://dsimports.dropbox.com/
default-src	'none'
font-src	https://*data:
form-action	'self'https://www.dropbox.com/https://dl-web.dropbox.com/https://photos.dropbox.com/https://paper.dropbox.com/https://showcase.dropbox.com/https://www.hellofax.com/https://app.hellofax.com/https://www.hellosign.com/https://app.hellosign.com/https://docsend.com/https://www.docsend.com/https://help.dropbox.com/https://navi.dropbox.jp/https://a.sprig.com/https://selfguidedlearning.dropboxbusiness.com/https://instructorledlearning.dropboxbusiness.com/https://sales.dropboxbusiness.com/https://accounts.google.com/https://api.login.yahoo.com/https://login.yahoo.com/https://experience.dropbox.com/https://pal-test.adyen.comhttps://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/https://onedrive.live.com/picker
frame-src	https://*carousel:dbapi-6:dbapi-7:dbapi-8:dropbox-client:itms-apps:itms-appss:
img-src	https://*data:blob:
media-src	https://*blob:
object-src	'self'https://cfl.dropboxstatic.com/static/https://www.dropboxstatic.com/static/
report-uri	https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist
script-src	'unsafe-eval'https://www.dropbox.com/static/api/https://www.dropbox.com/pithos/*https://www.dropbox.com/page_success/https://cfl.dropboxstatic.com/static/https://www.dropboxstatic.com/static/https://accounts.google.com/gsi/clienthttps://canny.io/sdk.jshttps://www.google.com/recaptcha/https://www.gstatic.com/recaptcha/'unsafe-inline'
style-src	https://*'unsafe-inline''unsafe-eval'
worker-src	https://www.dropbox.com/static/serviceworker/https://www.dropbox.com/encrypted_folder_download/service_worker.jsblob

Cookies

Cookies are small pieces of data stored on a user's web browser to track and remember information about their browsing activity on a website.

Name	Value	Domain/Path	Expires	Secure	HTTP Only
gvc	MTY1ODEwMzI5MzQ4OTA1NTI3ODcwNDUyNzMxMjUxMDE1NTU2Njcw	www.dropbox.com/	6/20/2025, 8:00:53 PM	yes	yes
t	q4KqkpyAVheC1GDqsimBG5L_	.dropbox.com/	5/16/2025, 8:00:54 PM	yes	yes
__Host-js_csrf	q4KqkpyAVheC1GDqsimBG5L_	www.dropbox.com/	5/16/2025, 8:00:54 PM	yes	no
__Host-ss	QmVPdDySBk	www.dropbox.com/	5/16/2025, 8:00:54 PM	yes	yes
locale	en	.dropbox.com/	6/20/2025, 8:00:53 PM	yes	no
ets	Acnv14XUGVqx336GJ7b9eDpmN0AfSVPLBFfBhz/7JHqusNJXVZsKlNHqTjY3UCwRMbNXjMVBCvMg9HH6eVnq4sV8OqFIokihFrxP0kA9uwjYgsJdnLqfUQRneFCD0AJlr90PrwkC2ZOjCBN%2BcRuMU4zi9LNRIfFdsvEGa5d%2B41rYG9/ZNT19HaeOSJKC19DKoFc%3D	.www.dropbox.com/	5/16/2024, 9:00:54 PM	yes	yes