Booking.com HackerOne
paymentcomponent.booking.com
Endpoints (3 of 3)
Page 1 of 1
Path
Port
Status Code
Content-Length
Title
Resp Headers
/
80
301
167
301 Moved Permanently
Location: https://paymentcomponent.booking.com/
Content-Type: text/html
/
443
302
0
None
Location: https://paymentcomponent.booking.com/pay
//
443
302
0
None
Location: https://paymentcomponent.booking.com/pay
- Path: /
- Port: 80
- Status Code: 301
- Title: 301 Moved Permanently
-
Via: 1.1 c5c79ef7442267e414f3389ffcc2f0fa.cloudfront.net (CloudFront)
Date: Tue, 20 Feb 2024 09:26:22 GMT
Server: CloudFront
X-Cache: Redirect from cloudfront
Location: https://paymentcomponent.booking.com/
X-Amz-Cf-Id: dbUgRKDG19Snmfu0_EQwic5DYtYZwQZeE8u4cIuEbUmv6W0SfoEvNA==
Content-Type: text/html
X-Amz-Cf-Pop: EWR53-C2
Content-Length: 167
-
First snapshot:
1 year, 4 months ago
-
Latest snapshot:
1 year, 4 months ago
- Path: /
- Port: 443
- Status Code: 302
- Title: None
-
Via: 1.1 94344436af750794f6bc9899d89d3a0a.cloudfront.net (CloudFront)
Date: Tue, 20 Feb 2024 09:26:22 GMT
Server: nginx
X-Cache: Miss from cloudfront
Location: https://paymentcomponent.booking.com/pay
Set-Cookie: calango_session=U2FsdGVkX1%2FZ%2F6p31E5STqJneM5ivVP6%0A; path=/; secure; HttpOnly, bkng_sso_auth=CAIQsOnuTRpmidYuBv0Aakf9BuVFUguWA8Kge7SmKXo/93lIQUvbhAI9g+yrc8XJCOen2hh9HiXcTgY7cUfIttIL+XOrD+1etVXYdvo42T30AH7xyZTSFPysae1R5Fj4HUmXkbDCLqEKFUlRYNoq; Domain=.booking.com; Path=/; Expires=Thu, 19 Feb 2026 09:26:22 GMT; HttpOnly; Secure; SameSite=Lax, pcm_consent=analytical%3Dtrue%26countryCode%3DUS%26consentId%3D9e20dd1c-d301-4132-b6d5-593bf56863f5%26consentedAt%3D2024-02-20T09%3A26%3A22.362Z%26expiresAt%3D2024-08-18T09%3A26%3A22.362Z%26implicit%3Dtrue%26marketing%3Dtrue%26regionCode%3DNJ%26regulation%3Dnone%26legacyRegulation%3Dnone; Domain=.booking.com; Path=/; Expires=Wed, 19 Feb 2025 09:26:22 GMT; HttpOnly; Secure; SameSite=Lax
X-Amz-Cf-Id: wjo2HkbWoBXlSWj06Fg9iTc8p-ElNoEQyi9jthtuyZGCvEvHwwI38A==
X-Amz-Cf-Pop: EWR53-C2
X-Xss-Protection: 1; mode=block
X-Booking-Trace-Id: 1c91264e-cfd2-11ee-bd9e-c6bf969bfcdc
Content-Security-Policy: base-uri 'none'; connect-src 'self' 'report-sample' paymentcomponent.booking.com *.riskified.com reports.booking.com *.braintreegateway.com *.braintree-api.com *.adyen.com *.paypal.com *.cardinalcommerce.com google.com pay.google.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com at.alicdn.com; frame-ancestors *.booking.com *.booking.cn *.booking.com *.booking.cn paymentcomponent.booking.com; frame-src data: *; img-src 'self' data: img.riskified.com t-ec.bstatic.com *.bstatic.com *.adyen.com *.paypal.com www.paypalobjects.com www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=85&pid=88d7425f96dc0040&e=UmFuZG9tSVYkc2RlIyh9YZvBjiG47r2QugpBa_MZJ41bCmBCKsFaqU3KPZwW-o8uXJhOngqN-sO4gOp3EPWbd8t4zL9CjKrk8XTI4gmb8m4; script-src 'self' 'strict-dynamic' 'nonce-wK1UeUToHv0fBtL' 'unsafe-inline' *.bstatic.com *.static.booking.cn beacon.riskified.com paymentcomponent.booking.com *.cardinalcommerce.com *.paypal.com assets.braintreegateway.com pay.google.com www.paypalobjects.com; script-src-attr 'self' 'strict-dynamic' 'nonce-wK1UeUToHv0fBtL'; style-src 'self' 'unsafe-inline' *.bstatic.com t-cf.bstatic.com *.static.booking.cn *.adyen.com *.paypal.com fonts.googleapis.com
Strict-Transport-Security: max-age=604800; includeSubDomains
Content-Security-Policy-Report-Only: base-uri 'none'; connect-src 'self' 'report-sample' paymentcomponent.booking.com *.riskified.com reports.booking.com *.braintreegateway.com *.braintree-api.com *.adyen.com *.paypal.com *.cardinalcommerce.com google.com pay.google.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com at.alicdn.com; frame-ancestors *.booking.com *.booking.cn *.booking.com *.booking.cn paymentcomponent.booking.com; frame-src data: *; img-src 'self' data: img.riskified.com t-ec.bstatic.com *.bstatic.com *.adyen.com *.paypal.com www.paypalobjects.com www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=86&pid=88d7425f96dc0040&e=UmFuZG9tSVYkc2RlIyh9YZvBjiG47r2QugpBa_MZJ41bCmBCKsFaqU3KPZwW-o8uXJhOngqN-sO4gOp3EPWbd8t4zL9CjKrk8XTI4gmb8m4; script-src 'self' 'strict-dynamic' 'nonce-wK1UeUToHv0fBtL' *.bstatic.com *.static.booking.cn beacon.riskified.com paymentcomponent.booking.com *.cardinalcommerce.com *.paypal.com assets.braintreegateway.com pay.google.com www.paypalobjects.com; script-src-attr 'self' 'strict-dynamic' 'nonce-wK1UeUToHv0fBtL'; style-src 'self' 'unsafe-inline' *.bstatic.com t-cf.bstatic.com *.static.booking.cn *.adyen.com *.paypal.com fonts.googleapis.com
-
First snapshot:
1 year, 4 months ago
-
Latest snapshot:
1 year, 4 months ago
- Path: //
- Port: 443
- Status Code: 302
- Title: None
- Content-Length: 0
-
Location:
https://paymentcomponent.booking.com/pay
-
-
First snapshot:
1 year, 4 months ago
-
Latest snapshot:
1 year, 1 month ago
Page 1 of 1
Path
Port
Status Code
Content-Length
Title
Resp Headers
Location: https://paymentcomponent.booking.com/
Content-Type: text/html
Location: https://paymentcomponent.booking.com/pay
Location: https://paymentcomponent.booking.com/pay
- Path: /
- Port: 80
- Status Code: 301
- Title: 301 Moved Permanently
-
Via: 1.1 c5c79ef7442267e414f3389ffcc2f0fa.cloudfront.net (CloudFront)
Date: Tue, 20 Feb 2024 09:26:22 GMT
Server: CloudFront
X-Cache: Redirect from cloudfront
Location: https://paymentcomponent.booking.com/
X-Amz-Cf-Id: dbUgRKDG19Snmfu0_EQwic5DYtYZwQZeE8u4cIuEbUmv6W0SfoEvNA==
Content-Type: text/html
X-Amz-Cf-Pop: EWR53-C2
Content-Length: 167
- First snapshot: 1 year, 4 months ago
- Latest snapshot: 1 year, 4 months ago
- Path: /
- Port: 443
- Status Code: 302
- Title: None
-
Via: 1.1 94344436af750794f6bc9899d89d3a0a.cloudfront.net (CloudFront)
Date: Tue, 20 Feb 2024 09:26:22 GMT
Server: nginx
X-Cache: Miss from cloudfront
Location: https://paymentcomponent.booking.com/pay
Set-Cookie: calango_session=U2FsdGVkX1%2FZ%2F6p31E5STqJneM5ivVP6%0A; path=/; secure; HttpOnly, bkng_sso_auth=CAIQsOnuTRpmidYuBv0Aakf9BuVFUguWA8Kge7SmKXo/93lIQUvbhAI9g+yrc8XJCOen2hh9HiXcTgY7cUfIttIL+XOrD+1etVXYdvo42T30AH7xyZTSFPysae1R5Fj4HUmXkbDCLqEKFUlRYNoq; Domain=.booking.com; Path=/; Expires=Thu, 19 Feb 2026 09:26:22 GMT; HttpOnly; Secure; SameSite=Lax, pcm_consent=analytical%3Dtrue%26countryCode%3DUS%26consentId%3D9e20dd1c-d301-4132-b6d5-593bf56863f5%26consentedAt%3D2024-02-20T09%3A26%3A22.362Z%26expiresAt%3D2024-08-18T09%3A26%3A22.362Z%26implicit%3Dtrue%26marketing%3Dtrue%26regionCode%3DNJ%26regulation%3Dnone%26legacyRegulation%3Dnone; Domain=.booking.com; Path=/; Expires=Wed, 19 Feb 2025 09:26:22 GMT; HttpOnly; Secure; SameSite=Lax
X-Amz-Cf-Id: wjo2HkbWoBXlSWj06Fg9iTc8p-ElNoEQyi9jthtuyZGCvEvHwwI38A==
X-Amz-Cf-Pop: EWR53-C2
X-Xss-Protection: 1; mode=block
X-Booking-Trace-Id: 1c91264e-cfd2-11ee-bd9e-c6bf969bfcdc
Content-Security-Policy: base-uri 'none'; connect-src 'self' 'report-sample' paymentcomponent.booking.com *.riskified.com reports.booking.com *.braintreegateway.com *.braintree-api.com *.adyen.com *.paypal.com *.cardinalcommerce.com google.com pay.google.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com at.alicdn.com; frame-ancestors *.booking.com *.booking.cn *.booking.com *.booking.cn paymentcomponent.booking.com; frame-src data: *; img-src 'self' data: img.riskified.com t-ec.bstatic.com *.bstatic.com *.adyen.com *.paypal.com www.paypalobjects.com www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=85&pid=88d7425f96dc0040&e=UmFuZG9tSVYkc2RlIyh9YZvBjiG47r2QugpBa_MZJ41bCmBCKsFaqU3KPZwW-o8uXJhOngqN-sO4gOp3EPWbd8t4zL9CjKrk8XTI4gmb8m4; script-src 'self' 'strict-dynamic' 'nonce-wK1UeUToHv0fBtL' 'unsafe-inline' *.bstatic.com *.static.booking.cn beacon.riskified.com paymentcomponent.booking.com *.cardinalcommerce.com *.paypal.com assets.braintreegateway.com pay.google.com www.paypalobjects.com; script-src-attr 'self' 'strict-dynamic' 'nonce-wK1UeUToHv0fBtL'; style-src 'self' 'unsafe-inline' *.bstatic.com t-cf.bstatic.com *.static.booking.cn *.adyen.com *.paypal.com fonts.googleapis.com
Strict-Transport-Security: max-age=604800; includeSubDomains
Content-Security-Policy-Report-Only: base-uri 'none'; connect-src 'self' 'report-sample' paymentcomponent.booking.com *.riskified.com reports.booking.com *.braintreegateway.com *.braintree-api.com *.adyen.com *.paypal.com *.cardinalcommerce.com google.com pay.google.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com at.alicdn.com; frame-ancestors *.booking.com *.booking.cn *.booking.com *.booking.cn paymentcomponent.booking.com; frame-src data: *; img-src 'self' data: img.riskified.com t-ec.bstatic.com *.bstatic.com *.adyen.com *.paypal.com www.paypalobjects.com www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=86&pid=88d7425f96dc0040&e=UmFuZG9tSVYkc2RlIyh9YZvBjiG47r2QugpBa_MZJ41bCmBCKsFaqU3KPZwW-o8uXJhOngqN-sO4gOp3EPWbd8t4zL9CjKrk8XTI4gmb8m4; script-src 'self' 'strict-dynamic' 'nonce-wK1UeUToHv0fBtL' *.bstatic.com *.static.booking.cn beacon.riskified.com paymentcomponent.booking.com *.cardinalcommerce.com *.paypal.com assets.braintreegateway.com pay.google.com www.paypalobjects.com; script-src-attr 'self' 'strict-dynamic' 'nonce-wK1UeUToHv0fBtL'; style-src 'self' 'unsafe-inline' *.bstatic.com t-cf.bstatic.com *.static.booking.cn *.adyen.com *.paypal.com fonts.googleapis.com
- First snapshot: 1 year, 4 months ago
- Latest snapshot: 1 year, 4 months ago
- Path: //
- Port: 443
- Status Code: 302
- Title: None
- Content-Length: 0
- Location: https://paymentcomponent.booking.com/pay
- First snapshot: 1 year, 4 months ago
- Latest snapshot: 1 year, 1 month ago