Summary
A Concise Overview of the scan result of url https://www.dropbox.com/scl/fi/998xy49di4emnossya956/202426-ANDRASH-VALLEY-PROPOSAL-REPORT_-INV-202426_001.pdf?dl=0&oref=e&r=ACT3end-O7L7ot9jsJN3AWLe5A9pYdvFAa5eGX187bW_qh3di6886HF64roFiPGkn1nSSAf0VRR50s9qikIR6DxnzfphSQ_lDMFoNTDUBM_n44QGNHXP1SlITqn7kitLIv-BkD1g3VEElEhlGjxhVp1iyiC6kSMSNea4MXwBsBmgoSVg1tym2uSNqRHMscjQcn0&sm=1
- Document
- HTML
- 10
- StyleSheets
- 45
- Scripts
- 114
- Font
- 5
- Images
- 1
- Links
- 0
- JavaScript Variables
- 54
- Console log messages
- 0
- Network
- Requests
- 199
- Bytes Transferred
- 2.24MB
- Bytes Total
- 8.25MB
- DNS Record
- CNAME Record
- 2
- A Record
- 1
- AAAA Record
- 1
- Technology
- Issue trackers
- 1
- Authentication
- 1
- UI frameworks
- 1
- Reverse proxies
- 1
- Mobile frameworks
- 1
- JavaScript frameworks
- 1
- Payment processors
- 1
- Security
- 2
- JavaScript libraries
- 1
- SSL/TLS certificate authorities
- 1
Document
Links
The outgoing links identified from the page.
Link | Text |
---|
JavaScript Variables
Global JavaScript variables are variables that are defined outside of any function or block scope in JavaScript.
Technology
The technologies identified are present on the scanned URL.
Name | Description | Detected patterns |
---|---|---|
JavaScript frameworks | ||
Wink Toolkit is a JavaScript toolkit used to build mobile web apps. | Type: scriptSrc Regex: (?:_base\/js\/base|wink).{0,250}\.js | |
Issue trackers | ||
Canny | Canny is a cloud-based solution that helps small to large businesses collect, analyse, prioritise and track user feedback to make informed product decisions. | Type: headers Name: content-security-policy Regex: \/\/canny\.io |
Security | ||
reCAPTCHA | reCAPTCHA is a free service from Google that helps protect websites from spam and abuse. | Type: scriptSrc Regex: \/recaptcha\/(?:api|enterprise)\.js |
HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS. | Type: headers Name: strict-transport-security Regex: (?:) | |
Mobile frameworks | ||
Wink Toolkit is a JavaScript toolkit used to build mobile web apps. | Type: scriptSrc Regex: (?:_base\/js\/base|wink).{0,250}\.js | |
Payment processors | ||
PayPal | PayPal is an online payments system that supports online money transfers and serves as an electronic alternative to traditional paper methods like checks and money orders. | Type: headers Name: content-security-policy Regex: \.paypal\.com |
JavaScript libraries | ||
Lodash | Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. | Type: scriptSrc Regex: lodash.{0,250}\.js |
Reverse proxies | ||
Envoy is an open-source edge and service proxy, designed for cloud-native applications. | Type: headers Name: server Regex: ^envoy$ | |
UI frameworks | ||
ZURB Foundation | Zurb Foundation is used to prototype in the browser. Allows rapid creation of websites or applications while leveraging mobile and responsive technology. The front end framework is the collection of HTML, CSS, and Javascript containing design patterns. | Type: html Regex: <link[^>]{1,250}foundation[^>"]{1,250}css |
Authentication | ||
Google Sign-in | Google Sign-In is a secure authentication system that reduces the burden of login for users, by enabling them to sign in with their Google account. | Type: scriptSrc Regex: accounts\.google\.com\/gsi\/client |
SSL/TLS certificate authorities | ||
DigiCert | Type: certIssuer Regex: DigiCert |
Performance
The speed and efficiency of the scanned URL loads and displays its content.
- dns
- 1 msGood
- tcp
- 1 msGood
- requestTime
- 380 msGood
- dom
- 2497 msPoor
DNS Record
A DNS record maps a domain name to an IP address or other resource information.
Type | Name | Content | DNSSEC |
---|---|---|---|
CNAME | www.dropbox.com | www-env.dropbox-dns.com. | no |
A | www-env.dropbox-dns.com | 162.125.66.18 | no |
CNAME | www.dropbox.com | www-env.dropbox-dns.com. | no |
AAAA | www-env.dropbox-dns.com | 2620:100:6022:18::a27d:4212 | no |
SSL Certificate
An SSL certificate is a digital certificate that verifies the authenticity and encrypts the communication between a website and its visitors.
Subject | Issue date | Expiry date | Valid |
---|---|---|---|
*.dropbox.com DigiCert TLS RSA SHA256 2020 CA1 | 10/31/2023 | 11/30/2024 | 1 year 1 month 1 day |
cfl.dropboxstatic.com DigiCert TLS RSA SHA256 2020 CA1 | 2/6/2024 | 3/3/2025 | 1 year 26 days |
accounts.google.com WR2 | 8/26/2024 | 11/18/2024 | 2 months 23 days |
fp.dropbox.com DigiCert TLS RSA SHA256 2020 CA1 | 11/15/2023 | 10/17/2024 | 11 months 7 days |
www.google.com WR2 | 8/26/2024 | 11/18/2024 | 2 months 23 days |
dropboxcaptcha.com Amazon ECDSA 256 M02 | 7/18/2024 | 8/16/2025 | 1 year 29 days |
*.gstatic.com WR2 | 8/26/2024 | 11/18/2024 | 2 months 23 days |
HTTP Headers
HTTP Header
An HTTP header is a component of an HTTP request or response that contains additional information about the message being sent or received.
Name | Value |
---|---|
cache-control | no-cache, no-store |
content-encoding | gzip |
content-security-policy | script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js 'nonce-f6a9FTDxfsAdg5tF8zxRax+ZqQs=' ; img-src https://* data: blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; font-src https://* data: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; base-uri 'self' ; media-src https://* blob: ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://*.dropbox.com report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-f6a9FTDxfsAdg5tF8zxRax+ZqQs=' 'nonce-8OgWeWhTcWxTpMMa1iA2jYqUAZM=' |
content-type | text/html; charset=utf-8 |
date | Wed, 02 Oct 2024 05:56:30 GMT |
pragma | no-cache |
referrer-policy | strict-origin-when-cross-origin |
server | envoy |
strict-transport-security | max-age=31536000; includeSubDomains |
vary | Accept-Encoding |
x-content-type-options | nosniff |
x-dropbox-request-id | bbd42d9c68654224b6d53d97152f9af3 |
x-dropbox-response-origin | far_remote |
x-permitted-cross-domain-policies | none |
x-robots-tag | noindex, nofollow, noimageindex |
x-xss-protection | 1; mode=block |
Content Security Policy
Content Security Policy (CSP) is a security mechanism that helps prevent cross-site scripting (XSS) and other code injection attacks by specifying which content sources are allowed to be loaded on a web page.
Name | Value |
---|---|
script-src | 'unsafe-eval''inline-speculation-rules'https://www.dropbox.com/static/api/https://www.dropbox.com/pithos/*https://www.dropbox.com/page_success/https://cfl.dropboxstatic.com/static/https://www.dropboxstatic.com/static/https://accounts.google.com/gsi/clienthttps://canny.io/sdk.jshttps://www.paypal.com/sdk/js'nonce-f6a9FTDxfsAdg5tF8zxRax+ZqQs=' |
img-src | https://*data:blob: |
object-src | 'self'https://cfl.dropboxstatic.com/static/https://www.dropboxstatic.com/static/ |
default-src | https://www.dropbox.com/playlist/https://www.dropbox.com/v/s/playlist/https://*.dropboxusercontent.com/p/hls_master_playlist/https://*.dropboxusercontent.com/p/hls_playlist/ |
font-src | https://*data: |
child-src | https://www.dropbox.com/static/serviceworker/blob: |
report-uri | https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist |
base-uri | 'self' |
media-src | https://*blob: |
frame-src | https://*carousel:dbapi-6:dbapi-7:dbapi-8:dropbox-client:itms-apps:itms-appss: |
worker-src | https://www.dropbox.com/static/serviceworker/https://www.dropbox.com/encrypted_folder_download/service_worker.jshttps://www.dropbox.com/service_worker.jsblob: |
form-action | https://docs.google.com/document/fsip/https://docs.google.com/spreadsheets/fsip/https://docs.google.com/presentation/fsip/https://docs.sandbox.google.com/document/fsip/https://docs.sandbox.google.com/spreadsheets/fsip/https://docs.sandbox.google.com/presentation/fsip/https://*.purple.officeapps.live-int.comhttps://officeapps-df.live.comhttps://*.officeapps-df.live.comhttps://officeapps.live.comhttps://*.officeapps.live.comhttps://paper.dropbox.com/cloud-docs/edit'self'https://www.dropbox.com/https://dl-web.dropbox.com/https://photos.dropbox.com/https://paper.dropbox.com/https://showcase.dropbox.com/https://www.hellofax.com/https://app.hellofax.com/https://www.hellosign.com/https://app.hellosign.com/https://docsend.com/https://www.docsend.com/https://help.dropbox.com/https://navi.dropbox.jp/https://a.sprig.com/https://selfguidedlearning.dropboxbusiness.com/https://instructorledlearning.dropboxbusiness.com/https://sales.dropboxbusiness.com/https://accounts.google.com/https://api.login.yahoo.com/https://login.yahoo.com/https://experience.dropbox.com/https://pal-test.adyen.comhttps://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/https://onedrive.live.com/picker |
connect-src | https://*ws://127.0.0.1:*/wsblob:wss://dsimports.dropbox.com/ |
style-src | https://*'unsafe-inline''unsafe-eval' |
frame-ancestors | 'self'https://*.dropbox.com report-urihttps://www.dropbox.com/csp_log?policy_name=metaserver-dynamic |
script-src | 'unsafe-eval''strict-dynamic''nonce-f6a9FTDxfsAdg5tF8zxRax+ZqQs=''nonce-8OgWeWhTcWxTpMMa1iA2jYqUAZM= |
Cookies
Cookies are small pieces of data stored on a user's web browser to track and remember information about their browsing activity on a website.
Name | Value | Domain/Path | Expires | Secure | HTTP Only |
---|---|---|---|---|---|
dbx_js_analytics_id | AABraV_cxeZLZd-LkFvZ3Kc6Virs1dqYh3UTmH4QTeIBAw | .dropbox.com/scl/fi/998xy49di4emnossya956 | 11/6/2025, 5:56:34 AM | yes | no |
gvc | Mjk3NDEwNDI3MDU2OTkyMzc5NTUyMzI2MDYyMjc1MzYwNTcxMDk4 | www.dropbox.com/ | 11/6/2025, 5:56:29 AM | yes | yes |
t | d8AZl5Jpzyed2lk9u9UOG0gg | .dropbox.com/ | 10/2/2025, 5:56:29 AM | yes | yes |
__Host-js_csrf | d8AZl5Jpzyed2lk9u9UOG0gg | www.dropbox.com/ | 10/2/2025, 5:56:29 AM | yes | no |
__Host-ss | oq_8oDljM4 | www.dropbox.com/ | 10/2/2025, 5:56:29 AM | yes | yes |
locale | en | .dropbox.com/ | 11/6/2025, 5:56:29 AM | yes | no |
ets | Ad1LVE5t/I8FXhm1Mgr9wDbTlwYhaYZp3DpMGbcsIyaCFJEhXeoq0m1RpzWALmhww2nfa82znqwqqUXGx1klto672xDU76hbFyVsPzKwLzzCicfrXUymRPOhA98eCpEpREsg3tReM7ulYsSy1Ix1gLzLEOQZKDm4X8Drx/hANF0dEmx8N0HpOVh7/QHIbz6o24U%3D | .www.dropbox.com/ | 10/3/2024, 5:56:29 AM | yes | yes |
__Host-logged-out-session | ChCc4MKsYDGcCd1%2FKz2m%2FzVmEI7B87cGGi5BTEg2Vko2S1hpclh0YlJGQXVITnhmcXhNdHhDVkFURzZiTWZNZVJ4a1g3azF3 | www.dropbox.com/ | 12/31/1969, 11:59:59 PM | yes | yes |
__Secure-dbx_consent | {"consentType":1,"consentDate":"2024-10-02T05:56:32.705Z","expireDate":"2025-04-02T05:56:32.705Z","consentMonths":6,"categories":{"strictly necessary":true,"general marketing and advertising":false,"analytics":false,"performance and functionality":false,"social media advertising":false},"userInteracted":false,"numDots":1} | .dropbox.com/ | 4/2/2025, 5:56:32 AM | yes | no |