Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b26756a6626756a6626756a6626756a6626756a66
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /events/{eventType}
Open service 15.197.253.240:80 · staging.edpay.se
2026-01-09 21:13
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Fri, 09 Jan 2026 21:14:14 GMT
Expires: 0
Location: http://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=E5gQyaq3ufaOIM1mDG11GEhJvpv%2F8DSqzGv41qdzX54%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767993254"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=E5gQyaq3ufaOIM1mDG11GEhJvpv%2F8DSqzGv41qdzX54%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767993254"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 52.223.53.203:443 · staging.edpay.se
2026-01-09 17:38
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Fri, 09 Jan 2026 17:38:30 GMT
Expires: 0
Location: https://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=9kPjdPc8KDW49nCzyfK8cXieKJ86%2FJRF%2FWrG7d%2BI%2B3k%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767980310"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=9kPjdPc8KDW49nCzyfK8cXieKJ86%2FJRF%2FWrG7d%2BI%2B3k%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767980310"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 52.223.53.203:443 · staging.edpay.se
2026-01-02 23:04
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Fri, 02 Jan 2026 23:04:17 GMT
Expires: 0
Location: https://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=VIsoR%2Fcl2%2BuAhCZB4Vg3nH705BtLVHf4eD062v9nSyM%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767395057"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=VIsoR%2Fcl2%2BuAhCZB4Vg3nH705BtLVHf4eD062v9nSyM%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767395057"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 15.197.253.240:80 · staging.edpay.se
2026-01-02 14:56
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Fri, 02 Jan 2026 14:56:33 GMT
Expires: 0
Location: http://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=aXgBW%2Bu13uTWe2sG%2BjI6M1wuL6cQOiAS1HGKpFXCfY8%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767365793"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=aXgBW%2Bu13uTWe2sG%2BjI6M1wuL6cQOiAS1HGKpFXCfY8%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767365793"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 52.223.53.203:443 · staging.edpay.se
2025-12-30 10:20
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Tue, 30 Dec 2025 10:20:46 GMT
Expires: 0
Location: https://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Vd65j6ZCNdRlRi%2FfEtHoNhiitAkUPaRGLvSIRPh4TOU%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767090046"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Vd65j6ZCNdRlRi%2FfEtHoNhiitAkUPaRGLvSIRPh4TOU%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767090046"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 52.223.53.203:443 · staging.edpay.se
2025-12-23 03:08
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Tue, 23 Dec 2025 03:08:33 GMT
Expires: 0
Location: https://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=CmMkLgPAB1DFolQPKWGPxw54EgvJ5Jv6NqC4VdFX%2FF0%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766459313"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=CmMkLgPAB1DFolQPKWGPxw54EgvJ5Jv6NqC4VdFX%2FF0%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766459313"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 15.197.253.240:80 · staging.edpay.se
2025-12-22 16:50
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Mon, 22 Dec 2025 16:51:02 GMT
Expires: 0
Location: http://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=M%2Fu9k1dp6vO1lHByNqAkmZY87W53Nn79xcEPUXWvv%2BI%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766422262"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=M%2Fu9k1dp6vO1lHByNqAkmZY87W53Nn79xcEPUXWvv%2BI%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766422262"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 52.223.53.203:443 · staging.edpay.se
2025-12-21 07:55
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Sun, 21 Dec 2025 07:55:31 GMT
Expires: 0
Location: https://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=AVMx%2BUj8bQ7rfvJhe1BtDV2wmpzZMyi%2FlpKidndK1CA%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766303731"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=AVMx%2BUj8bQ7rfvJhe1BtDV2wmpzZMyi%2FlpKidndK1CA%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766303731"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 15.197.253.240:80 · staging.edpay.se
2025-12-20 17:46
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Sat, 20 Dec 2025 17:46:44 GMT
Expires: 0
Location: http://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=7A6%2BJMdKhjKLmTxxHRgR5sEryidn26gfyYmr3BX4ZxI%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766252804"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=7A6%2BJMdKhjKLmTxxHRgR5sEryidn26gfyYmr3BX4ZxI%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766252804"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 52.223.53.203:443 · staging.edpay.se
2025-12-19 09:24
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Fri, 19 Dec 2025 09:24:45 GMT
Expires: 0
Location: https://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=qXCquIhT8w7f9g0wRnENYnISVNZKedw49bpN7l5kyLE%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766136285"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=qXCquIhT8w7f9g0wRnENYnISVNZKedw49bpN7l5kyLE%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766136285"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close
Open service 15.197.253.240:80 · staging.edpay.se
2025-12-19 06:28
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Fri, 19 Dec 2025 06:28:06 GMT
Expires: 0
Location: http://staging.edpay.se/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=xT%2BoEQRsPdpzgp7qXm2rVm9SzanLwCK030CWtWhfIXo%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766125686"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=xT%2BoEQRsPdpzgp7qXm2rVm9SzanLwCK030CWtWhfIXo%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766125686"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close