Domain ssign.api.staging.sdocs.com
United States
Software information
Heroku
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 35.71.145.101
Domain: ssign.api.staging.sdocs.com
Port: 80
URL: http://ssign.api.staging.sdocs.comFirst seen 2025-10-17 01:01
Last seen 2026-01-09 23:18
Open for 84 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bce42db947c37314315ebc104a4c55fc6ffca5392Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /document/{id} DELETE /envelope/{envelopeId}/documents/{documentId}/recipient/{recipientId} GET /documents GET /documents/documentCards GET /documents/generatedDocument/{documentId} GET /documents/{documentId} GET /documents/{hubId}/template/{templateId}/object/{objectId} GET /email-template GET /envelope GET /envelope/envelopeCards GET /envelope/getCode/test GET /envelope/getFile/test GET /envelope/{envelopeId}/documents GET /envelope/{envelopeId}/documents/recipient GET /envelope/{envelopeId}/documents/{documentId} GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/completed-fields GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/getAll GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/{envelopeDocumentFieldId} GET /envelope/{envelopeId}/documents/{documentId}/generatePDF GET /envelope/{envelopeId}/recipients GET /envelope/{envelopeId}/recipients/{recipientId}/validate GET /envelope/{envelopeId}/{envelopeDocumentId}/auditTrail GET /envelope/{id} GET /envelopeDocument/{envelopeDocumentId}/fieldConfig GET /envelopeDocument/{envelopeDocumentId}/fieldConfig/{id} GET /help/category GET /help/category/{id} GET /help/knowledgeArticle GET /help/video GET /help/{id} GET /sender/copyRecipientSignerLink/{envelopeId}/{recipientMailId} GET /ssign/envelop GET /ssign/envelop/{id} GET /ssign/v1/envelop PATCH /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/inputfield PATCH /envelope/{envelopeId}/documents/{documentId}/recipients PATCH /sender/{id}/submitEnvelop PATCH /ssign/save PATCH /ssign/submit POST /authenticate POST /document POST /document/invite/validate POST /document/user/verifyOTP POST /encryptedKey POST /envelope/create POST /envelope/multi POST /envelope/send/test POST /envelope/workflow/create POST /envelope/{envelopeId}/documents/multiple POST /envelope/{envelopeId}/documents/uploadFile POST /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField POST /envelope/{envelopeId}/documents/{documentId}/recipient POST /envelope/{envelopeId}/recipients/submit POST /sender/email POST /sender/envelop POST /sender/inviteUser POST /sender/resendEnvelope POST /sender/userInvite POST /sender/workflow/notification POST /ssign/init POST /ssign/initializeSession POST /ssign/send2FACode POST /ssign/submitConsent POST /ssign/verify2FAFound on 2026-01-09 23:18 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bce42db947c37314315ebc104a4c55fc6692ed80dPublic Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /document/{id} DELETE /envelope/{envelopeId}/documents/{documentId}/recipient/{recipientId} GET /documents GET /documents/documentCards GET /documents/{documentId} GET /documents/{hubId}/template/{templateId}/object/{objectId} GET /email-template GET /envelope GET /envelope/envelopeCards GET /envelope/getCode/test GET /envelope/getFile/test GET /envelope/{envelopeId}/documents GET /envelope/{envelopeId}/documents/recipient GET /envelope/{envelopeId}/documents/{documentId} GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/completed-fields GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/getAll GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/{envelopeDocumentFieldId} GET /envelope/{envelopeId}/documents/{documentId}/generatePDF GET /envelope/{envelopeId}/recipients GET /envelope/{envelopeId}/recipients/{recipientId}/validate GET /envelope/{envelopeId}/{envelopeDocumentId}/auditTrail GET /envelope/{id} GET /envelopeDocument/{envelopeDocumentId}/fieldConfig GET /envelopeDocument/{envelopeDocumentId}/fieldConfig/{id} GET /help/category GET /help/category/{id} GET /help/knowledgeArticle GET /help/video GET /help/{id} GET /sender/copyRecipientSignerLink/{envelopeId}/{recipientMailId} GET /ssign/envelop GET /ssign/envelop/{id} GET /ssign/v1/envelop PATCH /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/inputfield PATCH /envelope/{envelopeId}/documents/{documentId}/recipients PATCH /sender/{id}/submitEnvelop PATCH /ssign/save PATCH /ssign/submit POST /authenticate POST /document POST /document/invite/validate POST /document/user/verifyOTP POST /encryptedKey POST /envelope/create POST /envelope/multi POST /envelope/send/test POST /envelope/workflow/create POST /envelope/{envelopeId}/documents/multiple POST /envelope/{envelopeId}/documents/uploadFile POST /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField POST /envelope/{envelopeId}/documents/{documentId}/recipient POST /envelope/{envelopeId}/recipients/submit POST /sender/email POST /sender/envelop POST /sender/inviteUser POST /sender/resendEnvelope POST /sender/userInvite POST /sender/workflow/notification POST /ssign/init POST /ssign/initializeSession POST /ssign/send2FACode POST /ssign/submitConsent POST /ssign/verify2FAFound on 2025-12-01 10:26
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 99.83.151.71
Domain: ssign.api.staging.sdocs.com
Port: 443
URL: https://ssign.api.staging.sdocs.comFirst seen 2025-10-17 01:01
Last seen 2026-01-09 10:01
Open for 84 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bce42db947c37314315ebc104a4c55fc6ffca5392Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /document/{id} DELETE /envelope/{envelopeId}/documents/{documentId}/recipient/{recipientId} GET /documents GET /documents/documentCards GET /documents/generatedDocument/{documentId} GET /documents/{documentId} GET /documents/{hubId}/template/{templateId}/object/{objectId} GET /email-template GET /envelope GET /envelope/envelopeCards GET /envelope/getCode/test GET /envelope/getFile/test GET /envelope/{envelopeId}/documents GET /envelope/{envelopeId}/documents/recipient GET /envelope/{envelopeId}/documents/{documentId} GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/completed-fields GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/getAll GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/{envelopeDocumentFieldId} GET /envelope/{envelopeId}/documents/{documentId}/generatePDF GET /envelope/{envelopeId}/recipients GET /envelope/{envelopeId}/recipients/{recipientId}/validate GET /envelope/{envelopeId}/{envelopeDocumentId}/auditTrail GET /envelope/{id} GET /envelopeDocument/{envelopeDocumentId}/fieldConfig GET /envelopeDocument/{envelopeDocumentId}/fieldConfig/{id} GET /help/category GET /help/category/{id} GET /help/knowledgeArticle GET /help/video GET /help/{id} GET /sender/copyRecipientSignerLink/{envelopeId}/{recipientMailId} GET /ssign/envelop GET /ssign/envelop/{id} GET /ssign/v1/envelop PATCH /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/inputfield PATCH /envelope/{envelopeId}/documents/{documentId}/recipients PATCH /sender/{id}/submitEnvelop PATCH /ssign/save PATCH /ssign/submit POST /authenticate POST /document POST /document/invite/validate POST /document/user/verifyOTP POST /encryptedKey POST /envelope/create POST /envelope/multi POST /envelope/send/test POST /envelope/workflow/create POST /envelope/{envelopeId}/documents/multiple POST /envelope/{envelopeId}/documents/uploadFile POST /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField POST /envelope/{envelopeId}/documents/{documentId}/recipient POST /envelope/{envelopeId}/recipients/submit POST /sender/email POST /sender/envelop POST /sender/inviteUser POST /sender/resendEnvelope POST /sender/userInvite POST /sender/workflow/notification POST /ssign/init POST /ssign/initializeSession POST /ssign/send2FACode POST /ssign/submitConsent POST /ssign/verify2FAFound on 2026-01-09 10:01 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bce42db947c37314315ebc104a4c55fc6692ed80dPublic Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /document/{id} DELETE /envelope/{envelopeId}/documents/{documentId}/recipient/{recipientId} GET /documents GET /documents/documentCards GET /documents/{documentId} GET /documents/{hubId}/template/{templateId}/object/{objectId} GET /email-template GET /envelope GET /envelope/envelopeCards GET /envelope/getCode/test GET /envelope/getFile/test GET /envelope/{envelopeId}/documents GET /envelope/{envelopeId}/documents/recipient GET /envelope/{envelopeId}/documents/{documentId} GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/completed-fields GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/getAll GET /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/{envelopeDocumentFieldId} GET /envelope/{envelopeId}/documents/{documentId}/generatePDF GET /envelope/{envelopeId}/recipients GET /envelope/{envelopeId}/recipients/{recipientId}/validate GET /envelope/{envelopeId}/{envelopeDocumentId}/auditTrail GET /envelope/{id} GET /envelopeDocument/{envelopeDocumentId}/fieldConfig GET /envelopeDocument/{envelopeDocumentId}/fieldConfig/{id} GET /help/category GET /help/category/{id} GET /help/knowledgeArticle GET /help/video GET /help/{id} GET /sender/copyRecipientSignerLink/{envelopeId}/{recipientMailId} GET /ssign/envelop GET /ssign/envelop/{id} GET /ssign/v1/envelop PATCH /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField/inputfield PATCH /envelope/{envelopeId}/documents/{documentId}/recipients PATCH /sender/{id}/submitEnvelop PATCH /ssign/save PATCH /ssign/submit POST /authenticate POST /document POST /document/invite/validate POST /document/user/verifyOTP POST /encryptedKey POST /envelope/create POST /envelope/multi POST /envelope/send/test POST /envelope/workflow/create POST /envelope/{envelopeId}/documents/multiple POST /envelope/{envelopeId}/documents/uploadFile POST /envelope/{envelopeId}/documents/{documentId}/envelopeDocumentField POST /envelope/{envelopeId}/documents/{documentId}/recipient POST /envelope/{envelopeId}/recipients/submit POST /sender/email POST /sender/envelop POST /sender/inviteUser POST /sender/resendEnvelope POST /sender/userInvite POST /sender/workflow/notification POST /ssign/init POST /ssign/initializeSession POST /ssign/send2FACode POST /ssign/submitConsent POST /ssign/verify2FAFound on 2025-12-01 17:11
-
-
Open service 35.71.145.101:80 · ssign.api.staging.sdocs.com
2026-01-09 23:18
HTTP/1.1 403 Forbidden Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Fri, 09 Jan 2026 23:19:51 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=gGGHwH%2BYRyXkw%2Bg4dqg2I1aNM6jv24dYIgaE8E7bck8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1768000791"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=gGGHwH%2BYRyXkw%2Bg4dqg2I1aNM6jv24dYIgaE8E7bck8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1768000791" Server: Heroku Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: closeFound 2026-01-09 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · ssign.api.staging.sdocs.com
2026-01-09 10:01
HTTP/1.1 403 Forbidden Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Fri, 09 Jan 2026 10:01:20 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=FTw1IVCFJBWbthwF8vQbfnPFoXCYvrG4ZHgK9UKzQgo%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767952880"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=FTw1IVCFJBWbthwF8vQbfnPFoXCYvrG4ZHgK9UKzQgo%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767952880" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: closeFound 2026-01-09 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · ssign.api.staging.sdocs.com
2026-01-02 10:37
HTTP/1.1 403 Forbidden Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Fri, 02 Jan 2026 10:37:20 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=42gjsGvD2qE9h1lZ4MbfvZhccxfiwW%2BJ0QhY3nc1Nk0%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767350240"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=42gjsGvD2qE9h1lZ4MbfvZhccxfiwW%2BJ0QhY3nc1Nk0%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767350240" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: closeFound 2026-01-02 by HttpPluginCreate report
-
Open service 35.71.145.101:80 · ssign.api.staging.sdocs.com
2025-12-30 10:52
HTTP/1.1 403 Forbidden Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Tue, 30 Dec 2025 10:52:32 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=imtR%2BAf5KRQu44oFmBlxC4rTc71%2BoMjjJ%2FUyI7BX0V8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767091952"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=imtR%2BAf5KRQu44oFmBlxC4rTc71%2BoMjjJ%2FUyI7BX0V8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767091952" Server: Heroku Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: closeFound 2025-12-30 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · ssign.api.staging.sdocs.com
2025-12-23 07:09
HTTP/1.1 403 Forbidden Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Tue, 23 Dec 2025 07:09:55 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=%2FNNoIEccK%2BCYvW1l0qayzDcaWfdO9rWG6ORaYhVj6TU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766473795"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=%2FNNoIEccK%2BCYvW1l0qayzDcaWfdO9rWG6ORaYhVj6TU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766473795" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: closeFound 2025-12-23 by HttpPluginCreate report
-
Open service 35.71.145.101:80 · ssign.api.staging.sdocs.com
2025-12-22 20:34
HTTP/1.1 403 Forbidden Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Mon, 22 Dec 2025 20:34:57 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=dnaD%2FY2UgcPa%2B24tj%2BL%2B31hiL7h6MznWrehCVNz5gj4%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766435697"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=dnaD%2FY2UgcPa%2B24tj%2BL%2B31hiL7h6MznWrehCVNz5gj4%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766435697" Server: Heroku Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: closeFound 2025-12-22 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · ssign.api.staging.sdocs.com
2025-12-21 06:03
HTTP/1.1 403 Forbidden Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Sun, 21 Dec 2025 06:03:16 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ik%2B8j3eHfeQ6iI1AgZrVB%2BXzwJ4NXiP9Zcb3tI2ldXk%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766296996"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=ik%2B8j3eHfeQ6iI1AgZrVB%2BXzwJ4NXiP9Zcb3tI2ldXk%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766296996" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: closeFound 2025-12-21 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · ssign.api.staging.sdocs.com
2025-12-19 03:28
HTTP/1.1 403 Forbidden Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Fri, 19 Dec 2025 03:28:58 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=KD%2BFUZ9suyPaJ%2FX%2Fn0BzOZU4ZqXLW%2FUfukFfJS8XKP0%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766114939"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=KD%2BFUZ9suyPaJ%2FX%2Fn0BzOZU4ZqXLW%2FUfukFfJS8XKP0%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766114939" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: closeFound 2025-12-19 by HttpPluginCreate report