Summary
A Concise Overview of the scan result of url https://www.tiktok.com/@user7763100916639/video/7588127732018547989?is_from_webapp=1&sender_device=pc
- Document
- HTML
- 4
- StyleSheets
- 6
- Scripts
- 204
- Font
- 4
- Images
- 4
- Links
- 0
- JavaScript Variables
- 54
- Console log messages
- 0
- Network
- Requests
- 306
- Bytes Transferred
- 6.66MB
- Bytes Total
- 17.91MB
- DNS Record
- CNAME Record
- 4
- A Record
- 9
- Technology
- PaaS
- 1
- Payment processors
- 1
- Web servers
- 1
- Reverse proxies
- 1
- Security
- 2
- CDN
- 1
Document
Links
The outgoing links identified from the page.
| Link | Text |
|---|
JavaScript Variables
Global JavaScript variables are variables that are defined outside of any function or block scope in JavaScript.
eventundefinedonbeforetoggleobjectfenceobjectsharedStorageobjectdocumentPictureInPictureobjectfetchLaterfunctiononpageswapobjectonpagerevealobjectmodelobjectonscrollendobjectconfigobjectslardarClientstringSlardarClientfunction__LOADABLE_LOADED_CHUNKS__objectTTAP_APPPARSE_STARTTIMEnumberLogPluginObjectobject__$UNIVERSAL_DATA$__object__STARLING_INCONTEXT_GLOBAL__HOOK__object__SLARDAR_REGISTRY__object__STARLING_DEVTOOLS_I18NobjectTEAVisualEditorobject_bound_error_timebooleanfilterCSSfunctionfilterXSSfunction__PRE_CACHE___keyvaluepairsobject__preloadcontext__objectglobalLoaderCacheobject__xgplayer_vod_log__object__support_avif__boolean__support_webp__boolean__PNS_RUNTIME__object__PUMBAA_RUN_FLAG__numberdwInflobjectbyted_acrawlerobject_mssdkobjectMSSDK_INITIALIZEDboolean__ac_intercepted_fetchboolean_fetchfunction_openfunction__ac_intercepted_openbooleansecsdkobject_FETCH_SDK_INIT_SECSDKbooleantuxComponentsVersionstringregeneratorRuntimeobjectttWebappFocusTimenumber__INIT_VMOK_DEPLOY_GLOBAL_DATA__boolean__GARFISH_INSULATION_VARIABLE__objectsetImmediatefunctionclearImmediatefunctionreactiveElementVersionsobjectlitHtmlVersionsobjectlitElementVersionsobjectdataLayerobjectgtm_permissionobject
Technology
The technologies identified are present on the scanned URL.
| Name | Description | Detected patterns |
|---|---|---|
| Security | ||
hCaptcha | hCaptcha is an anti-bot solution that protects user privacy and rewards websites. | Type: headers Name: content-security-policy Regex: (?:\.|\/\/)hcaptcha\.com |
| HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS. | Type: headers Name: strict-transport-security Regex: (?:) | |
| Web servers | ||
Nginx | Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. | Type: headers Name: server Regex: nginx(?:\/([\d.]{1,250}))? |
| CDN | ||
 Amazon S3 | Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface. | Type: headers Name: server Regex: s3[^ ]{0,250}amazonaws\.com |
| Payment processors | ||
PayPal | PayPal is an online payments system that supports online money transfers and serves as an electronic alternative to traditional paper methods like checks and money orders. | Type: headers Name: content-security-policy Regex: \.paypal\.com |
| PaaS | ||
 Amazon Web Services | Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality. | Dependent on Amazon S3 |
| Reverse proxies | ||
Nginx | Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. | Type: headers Name: server Regex: nginx(?:\/([\d.]{1,250}))? |
Performance
The speed and efficiency of the scanned URL loads and displays its content.
- dns
- 1 msGood
- tcp
- 1 msGood
- requestTime
- 9 msGood
- dom
- 7907 msPoor
DNS Record
A DNS record maps a domain name to an IP address or other resource information.
| Type | Name | Content | DNSSEC |
|---|---|---|---|
| CNAME | www.tiktok.com | www.tiktok.com.edgesuite.net. | no |
| CNAME | www.tiktok.com.edgesuite.net | a2047.api10.akamai.net. | no |
| A | a2047.api10.akamai.net | 23.73.4.218 | no |
| A | a2047.api10.akamai.net | 23.73.4.196 | no |
| A | a2047.api10.akamai.net | 23.73.4.220 | no |
| A | a2047.api10.akamai.net | 23.73.4.217 | no |
| A | a2047.api10.akamai.net | 23.73.4.214 | no |
| A | a2047.api10.akamai.net | 23.73.4.209 | no |
| A | a2047.api10.akamai.net | 23.73.4.225 | no |
| A | a2047.api10.akamai.net | 23.73.4.212 | no |
| A | a2047.api10.akamai.net | 23.73.4.224 | no |
| CNAME | www.tiktok.com | www.tiktok.com.edgesuite.net. | no |
| CNAME | www.tiktok.com.edgesuite.net | a2047.api10.akamai.net. | no |
SSL Certificate
An SSL certificate is a digital certificate that verifies the authenticity and encrypts the communication between a website and its visitors.
| Subject | Issue date | Expiry date | Valid |
|---|---|---|---|
www.tiktok.com | 12/31/2025 | 1/1/2027 | 1 year 1 day |
lf16-tiktok-web.tiktokcdn-us.com | 12/31/2025 | 1/1/2027 | 1 year 1 day |
lf16-cdn-tos.tiktokcdn-us.com | 12/31/2025 | 1/1/2027 | 1 year 1 day |
libraweb.tiktokw.us | 12/31/2025 | 1/1/2027 | 1 year 1 day |
mcs.tiktokw.us | 12/31/2025 | 1/1/2027 | 1 year 1 day |
p16-common-sign.tiktokcdn-us.com | 12/31/2025 | 1/1/2027 | 1 year 1 day |
mon16-normal-useast5.tiktokv.us | 12/31/2025 | 1/1/2027 | 1 year 1 day |
sf16-website-login.neutral.ttwstatic.com | 12/31/2025 | 1/1/2027 | 1 year 1 day |
v16m-webapp.tiktokcdn-us.com | 12/31/2025 | 1/1/2027 | 1 year 1 day |
v16-webapp-prime.us.tiktok.com | 12/31/2025 | 1/1/2027 | 1 year 1 day |
webcast.us.tiktok.com | 12/31/2025 | 1/1/2027 | 1 year 1 day |
v19-webapp-prime.us.tiktok.com | 12/31/2025 | 1/1/2027 | 1 year 1 day |
mssdk-ttp2.tiktokw.us | 12/31/2025 | 1/1/2027 | 1 year 1 day |
www.tiktokw.us | 12/31/2025 | 1/1/2027 | 1 year 1 day |
starling-ttp2.tiktokv.us | 12/31/2025 | 1/1/2027 | 1 year 1 day |
HTTP Headers
HTTP Header
An HTTP header is a component of an HTTP request or response that contains additional information about the message being sent or received.
| Name | Value |
|---|---|
| Access-Control-Expose-Headers | x-tt-traceflag,x-tt-logid |
| Cache-Control | max-age=0, no-cache, no-store |
| Connection | keep-alive Transfer-Encoding |
| Content-Encoding | br |
| Content-Security-Policy | report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=HOiLPthVoUcWRLsWj0mtJ&v=17; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttcdn-us.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com api.music.apple.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com media.ticketmaster.eu play.itunes.apple.com res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com static.captchami.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; connect-src * 'unsafe-inline' blob: data:; frame-src bytedance: *.kakao.com *.tiktok.com access.line.me accounts.google.com api.twitter.com appleid.apple.com assets.braintreegateway.com client-api.arkoselabs.com h.online-metrix.net lf16-web.tiktokcdn.com newassets.hcaptcha.com recaptcha.google.com tx41v.arkoselabs.com www.facebook.com www.google.com; script-src 'inline-speculation-rules' 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com accounts.google.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdnjs.cloudflare.com client-api.arkoselabs.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net js-cdn.music.apple.com/musickit/v3/musickit.js js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com static.captchami.com tiktok.captchami.com tx41v.arkoselabs.com unpkg.com vimeo.com www.facebook.net www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com; worker-src www.tiktok.com/business/sw.js www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/sw.js www.tiktok.com/tiktokstudio/static/worker/ www.tiktok.com/tiktokstudio/sw.js www.tiktok.com/web-static-js/ www.tiktok.com/webapp-desktop/static/worker/; frame-ancestors tea-va.bytedance.net www.tiktok.com |
| Content-Type | text/html; charset=utf-8 |
| Date | Thu, 01 Jan 2026 21:30:53 GMT |
| Expires | Thu, 01 Jan 2026 21:30:53 GMT |
| Feature-Policy | microphone 'none'; geolocation 'none' |
| Pragma | no-cache |
| Referrer-Policy | strict-origin-when-cross-origin |
| Server | nginx |
| Server-Timing | cdn-cache; desc=MISS, edge; dur=61, origin; dur=316 inner; dur=304 |
| Strict-Transport-Security | max-age=31536000; includeSubdomains |
| Transfer-Encoding | chunked |
| X-Akamai-Request-ID | 4f280720.caa1d95 |
| X-Bytefaas-Execution-Duration | 301.35 |
| X-Bytefaas-Request-Id | 20260101213052D6AC4493FB3DA8182C6B |
| X-Cache | TCP_MISS from a23-213-178-142.deploy.akamaitechnologies.com (AkamaiGHost/22.3.3.1-d99a9e98b7d52dde86bd4d85ef9e7108) (-) |
| X-Cache-Remote | TCP_MISS from a23-36-176-192.deploy.akamaitechnologies.com (AkamaiGHost/22.3.3.1-d99a9e98b7d52dde86bd4d85ef9e7108) (-) |
| X-Content-Type-Options | nosniff |
| X-Download-Options | noopen |
| X-Frame-Options | SAMEORIGIN |
| X-Gw-Dst-Psm | serverless.tiktok.desktop |
| X-Origin-Response-Time | 316,23.36.176.192 |
| X-Parent-Response-Time | 376,23.213.178.142 |
| X-Powered-By | Goofy Node |
| X-Pumbaa-Web-Avail | 1 |
| X-Tt-Logid | 20260101213052D6AC4493FB3DA8182C6B |
| X-Xss-Protection | 1; mode=block |
| content-security-policy-report-only | report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=HOiLPthVoUcWRLsWj0mtJ&v=5; report-to csp-endpoint; script-src 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com client-api.arkoselabs.com connect.facebook.net developers.kakao.com js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com static.captchami.com tiktok.captchami.com unpkg.com www.facebook.net www.vimeo.com; worker-src www.tiktok.com/business/sw.js www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/sw.js; frame-ancestors tea-va.bytedance.net www.tiktok.com |
| reporting-endpoints | csp-endpoint="https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns" |
| x-tt-trace-host | 0124f02753edff1049b045cb6118876ff3af2c22ba04be778b0e29da5cd3b718f2f24fc25109ee174991aebd66b8f4b6496fb96c9f9f2151de71dcbd3b138ae88a2ad72879492920bd3216908989899ad274bcb9abe9dd0c8dbc0b2ebb573c86c5747ffdbd44b77731665d8d398c158f11 |
| x-tt-trace-id | 00-260101213052D6AC4493FB3DA8182C6B-3D2DA28311BFEBC5-00 |
| x-tt-trace-tag | id=16;cdn-cache=miss;type=dyn |
Content Security Policy
Content Security Policy (CSP) is a security mechanism that helps prevent cross-site scripting (XSS) and other code injection attacks by specifying which content sources are allowed to be loaded on a web page.
| Name | Value |
|---|
Cookies
Cookies are small pieces of data stored on a user's web browser to track and remember information about their browsing activity on a website.
| Name | Value | Domain/Path | Expires | Secure | HTTP Only |
|---|---|---|---|---|---|
| tt_csrf_token | [tt_csrf_token redacted] | .tiktok.com/ | 12/31/1969, 11:59:59 PM | yes | yes |
| tt_chain_token | [tt_chain_token redacted] | .tiktok.com/ | 6/30/2026, 9:30:52 PM | yes | yes |
| tiktok_webapp_theme_source | auto | .www.tiktok.com/ | 10/28/2026, 9:30:54 PM | yes | no |
| tiktok_webapp_theme | dark | .www.tiktok.com/ | 10/28/2026, 9:30:54 PM | yes | no |
| ttwid | 1%7CoOEdFRt3oushG9UNCRvgcjbaVaHkC1eIo7mfKWOCwBo%7C1767303055%7C7d2396ded8998a086af6b76572480487204410ed667561aa4be17d67da5f0c35 | .tiktok.com/ | 1/1/2027, 9:30:55 PM | yes | yes |
| msToken | [msToken redacted] | .tiktok.com/ | 1/11/2026, 9:30:55 PM | yes | no |
| msToken | [msToken redacted] | www.tiktok.com/ | 4/1/2026, 9:30:55 PM | no | no |