Spotify – Web Player - URL Scan Results

Summary

A Concise Overview of the scan result of url https://open.spotify.com/playlist/6uUzE1xthhDvbrRNflYlLh

Document
HTML
29
StyleSheets
6
Scripts
20
Font
0
Images
1
Links
0
JavaScript Variables
28
Console log messages
0
Network
Requests
63
Bytes Transferred
1.59MB
Bytes Total
7.38MB

DNS Record
CNAME Record
2
A Record
4
AAAA Record
4
Technology
Caching
1
Reverse proxies
1
JavaScript frameworks
1
Security
2
A/B Testing
1

Links

The outgoing links identified from the page.

Link	Text

JavaScript Variables

Global JavaScript variables are variables that are defined outside of any function or block scope in JavaScript.

eventundefinedonbeforetoggleobjectfenceobjectsharedStorageobjectdocumentPictureInPictureobjectfetchLaterfunctiononpageswapobjectonpagerevealobjectmodelobjectonscrollendobject___grecaptcha_cfgobjectgrecaptchaobject__recaptcha_apistring__google_recaptcha_clientbooleanwebpackChunkclient_webobjectMousetrapfunction__reactRouterVersionstringregeneratorRuntimeobjectspektrumLoggingInternalsFromAppobject__SENTRY__object__sentry_instrumentation_handlers__objectgoogle_tag_managerobjectgoogle_tag_dataobjectdataLayerobjectgtagfunction__TWITTER_PIXEL_ID__string__PINTEREST_PIXEL_ID__string__SNAPCHAT_PIXEL_ID__string

Technology

The technologies identified are present on the scanned URL.

Name	Description	Detected patterns
JavaScript frameworks
React https://reactjs.org	React is an open-source JavaScript library for building user interfaces or UI components.	Type: html Regex: <[^>]{1,250}data-react
Security
reCAPTCHA https://www.google.com/recaptcha/	reCAPTCHA is a free service from Google that helps protect websites from spam and abuse.	Type: scriptSrc Regex: \/recaptcha\/(?:api\|enterprise)\.js
HSTS https://www.rfc-editor.org/rfc/rfc6797#section-6.1	HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.	Type: headers Name: strict-transport-security Regex: (?:)
Caching
Varnish https://www.varnish-cache.org	Varnish is a reverse caching proxy.	Type: headers Name: via Regex: varnish(?: $Varnish\/([\d.]{1,250})$)?
Reverse proxies
Envoy https://www.envoyproxy.io/	Envoy is an open-source edge and service proxy, designed for cloud-native applications.	Type: headers Name: x-envoy-upstream-service-time Regex: ^envoy$
A/B Testing
Google Optimize https://optimize.google.com	Google Optimize allows you to test variants of web pages and see how they perform.	Type: scriptSrc Regex: googleoptimize\.com\/optimize\.js

DNS Record

A DNS record maps a domain name to an IP address or other resource information.

Type	Name	Content	DNSSEC
CNAME	open.spotify.com	atc.spotify.map.fastly.net.	no
A	atc.spotify.map.fastly.net	151.101.195.42	no
A	atc.spotify.map.fastly.net	151.101.67.42	no
A	atc.spotify.map.fastly.net	151.101.131.42	no
A	atc.spotify.map.fastly.net	151.101.3.42	no
CNAME	open.spotify.com	atc.spotify.map.fastly.net.	no
AAAA	atc.spotify.map.fastly.net	2a04:4e42:200::810	no
AAAA	atc.spotify.map.fastly.net	2a04:4e42:400::810	no
AAAA	atc.spotify.map.fastly.net	2a04:4e42::810	no
AAAA	atc.spotify.map.fastly.net	2a04:4e42:600::810	no

SSL Certificate

An SSL certificate is a digital certificate that verifies the authenticity and encrypts the communication between a website and its visitors.

Subject	Issue date	Expiry date	Valid
open.spotify.com	11/26/2025	11/27/2026	1 year 1 day
encore.scdn.co	11/26/2025	11/27/2026	1 year 1 day
open-exp.spotifycdn.com	11/26/2025	11/27/2026	1 year 1 day
www.google.com	11/26/2025	11/27/2026	1 year 1 day
www.googleoptimize.com	11/26/2025	11/27/2026	1 year 1 day
www.gstatic.com	11/26/2025	11/27/2026	1 year 1 day
o22381.ingest.sentry.io	11/26/2025	11/27/2026	1 year 1 day
apresolve.spotify.com	11/26/2025	11/27/2026	1 year 1 day
open.spotifycdn.com	11/26/2025	11/27/2026	1 year 1 day

HTTP Header

An HTTP header is a component of an HTTP request or response that contains additional information about the message being sent or received.

Name	Value
Accept-Ranges	bytes
Connection	keep-alive
Date	Thu, 27 Nov 2025 17:20:39 GMT
Vary	Accept-Encoding
X-Cache	MISS, MISS
X-Cache-Hits	0, 0
X-Served-By	cache-bur-kbur8200048-BUR, cache-bur-kbur8200053-BUR
X-Timer	S1764264039.468652,VS0,VE110
content-encoding	gzip
content-security-policy	script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-exp.spotifycdn.com open-review.spotifycdn.com open-exp-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js https://t.contentsquare.net/uxa/22f14577e19f3.js https://get.microsoft.com/badge/ms-store-badge.bundled.js https://cdn.us.heap-api.com https://heapanalytics.com 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s=' 'sha256-o2wzIImHJ4+WWE5DCTR+myWU0UNml0+wwpDXRo++vII='; frame-ancestors 'self' https://adgen-dev.spotify.com/account//ad//details https://adgen-dev.spotify.com/preview/* https://local.spotify.net/account//ad//details https://local.spotify.net/preview/* https://app.smartly.io/*;
content-type	text/html; charset=utf-8
server	envoy
strict-transport-security	max-age=31536000
transfer-encoding	chunked
via	HTTP/1.1 fringe, HTTP/2 edgeproxy, 1.1 google, 1.1 varnish
x-content-type-options	nosniff
x-envoy-upstream-service-time	13
x-spotify-open-index	true

Content Security Policy

Content Security Policy (CSP) is a security mechanism that helps prevent cross-site scripting (XSS) and other code injection attacks by specifying which content sources are allowed to be loaded on a web page.

Name	Value
script-src	'self''unsafe-eval'blob:open.spotifycdn.comopen-exp.spotifycdn.comopen-review.spotifycdn.comopen-exp-review.spotifycdn.comquicksilver.scdn.cowww.google-analytics.comwww.googletagmanager.comstatic.ads-twitter.comanalytics.twitter.coms.pinimg.comsc-static.nethttps://www.google.com/recaptcha/cdn.ravenjs.comconnect.facebook.netwww.gstatic.comsb.scorecardresearch.compixel-static.spotify.comcdn.cookielaw.orggeolocation.onetrust.comwww.googleoptimize.comwww.fastly-insights.comstatic.hotjar.comscript.hotjar.comhttps://www.googleadservices.com/pagead/conversion_async.jshttps://www.googleadservices.com/pagead/conversion/https://analytics.tiktok.com/i18n/pixel/sdk.jshttps://analytics.tiktok.com/i18n/pixel/identify.jshttps://analytics.tiktok.com/i18n/pixel/config.jshttps://www.redditstatic.com/ads/pixel.jshttps://t.contentsquare.net/uxa/22f14577e19f3.jshttps://get.microsoft.com/badge/ms-store-badge.bundled.jshttps://cdn.us.heap-api.comhttps://heapanalytics.com'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=''sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=''sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s=''sha256-o2wzIImHJ4+WWE5DCTR+myWU0UNml0+wwpDXRo++vII='
frame-ancestors	'self'https://adgen-dev.spotify.com/account//ad//detailshttps://adgen-dev.spotify.com/preview/https://local.spotify.net/account//ad//detailshttps://local.spotify.net/preview/https://app.smartly.io/*

Name

Value

script-src

'self''unsafe-eval'blob:open.spotifycdn.comopen-exp.spotifycdn.comopen-review.spotifycdn.comopen-exp-review.spotifycdn.comquicksilver.scdn.cowww.google-analytics.comwww.googletagmanager.comstatic.ads-twitter.comanalytics.twitter.coms.pinimg.comsc-static.nethttps://www.google.com/recaptcha/cdn.ravenjs.comconnect.facebook.netwww.gstatic.comsb.scorecardresearch.compixel-static.spotify.comcdn.cookielaw.orggeolocation.onetrust.comwww.googleoptimize.comwww.fastly-insights.comstatic.hotjar.comscript.hotjar.comhttps://www.googleadservices.com/pagead/conversion_async.jshttps://www.googleadservices.com/pagead/conversion/https://analytics.tiktok.com/i18n/pixel/sdk.jshttps://analytics.tiktok.com/i18n/pixel/identify.jshttps://analytics.tiktok.com/i18n/pixel/config.jshttps://www.redditstatic.com/ads/pixel.jshttps://t.contentsquare.net/uxa/22f14577e19f3.jshttps://get.microsoft.com/badge/ms-store-badge.bundled.jshttps://cdn.us.heap-api.comhttps://heapanalytics.com'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=''sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=''sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s=''sha256-o2wzIImHJ4+WWE5DCTR+myWU0UNml0+wwpDXRo++vII='

frame-ancestors

'self'https://adgen-dev.spotify.com/account/*/ad/*/detailshttps://adgen-dev.spotify.com/preview/*https://local.spotify.net/account/*/ad/*/detailshttps://local.spotify.net/preview/*https://app.smartly.io/*

Cookies

Cookies are small pieces of data stored on a user's web browser to track and remember information about their browsing activity on a website.

Name	Value	Domain/Path	Expires	Secure	HTTP Only
sp_t	df3f5bd7-4480-4da8-a88d-cc6f81dc8f55	.spotify.com/	11/27/2026, 5:20:39 PM	yes	no
sp_new	1	.spotify.com/	11/28/2025, 5:20:39 PM	yes	no
sp_landing	https%3A%2F%2Fopen.spotify.com%2Fplaylist%2F6uUzE1xthhDvbrRNflYlLh	.spotify.com/	11/28/2025, 5:20:39 PM	yes	yes

URL Scan Results for the page [Spotify – Web Player](https://open.spotify.com/playlist/6uUzE1xthhDvbrRNflYlLh)

URL basic Information and screenshot