Hubstaff.com - Api.hubstaff.com

date: Mon, 23 Jun 2025 10:32:21 GMT
content-type: text/html
content-length: 91
location: https://app.hubstaff.com/
set-cookie: INGRESSCOOKIE=1750674742.669.29.572292|ab5a3fcea979797856210a32586c8e2e; Expires=Mon, 23-Jun-25 11:32:21 GMT; Max-Age=3600; Path=/; Secure; HttpOnly
cache-control: no-cache
x-request-id: ba506ab6aaecd6722730cbc74b73352c
x-runtime: 0.004410
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
expect-ct: max-age=86400, report-uri="https://hubstaff.report-uri.com/r/t/ct/reportOnly"
content-security-policy-report-only: default-src 'self' sentry.io; connect-src 'self' https://server-assets.hubstaff.com account.hubstaff.com hubstaff-production.s3.amazonaws.com api.segment.io api.hubspot.com api-secure.amplitude.com api-sr.amplitude.com forms.hscollectedforms.net forms.hsforms.com cdn.segment.com maps.googleapis.com analytics.google.com pipedream.wistia.com embed-cloudfront.wistia.com stats.g.doubleclick.net fast.wistia.com distillery.wistia.com region1.analytics.google.com fg8vvsvnieiv3ej16jby.litix.io bat.bing.com px.ads.linkedin.com www2.profitwell.com api.hubapi.com forms.hubspot.com google.com www.facebook.com api.getripe.com rest.ably.io wss://realtime.ably.io internet-up.ably-realtime.com cta-service-cms2.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com www.google.pl/ads/ga-audiences ip2c.org/s us01cci.zoom.us wss://us01cci.zoom.us us01campaign.zoom.us us01apizva.zoom.us us01cciapi.zoom.us log-gateway.zoom.us www.paypal.com api-m.sandbox.paypal.com api-m.paypal.com; font-src data: https://server-assets.hubstaff.com app.hubstaff.com fonts.gstatic.com netdna.bootstrapcdn.com fast.wistia.com maxcdn.bootstrapcdn.com use.typekit.net static.zohocdn.com cdn.megabonus.com assets.getripe.com fonts.bunny.net; frame-src js.stripe.com app.hubspot.com td.doubleclick.net www.facebook.com bid.g.doubleclick.net tasks.hubstaff.com www.youtube.com www.google.com tasks-api.hubstaff.com us01ccistatic.zoom.us www.sandbox.paypal.com www.paypal.com *.paypal.com; img-src data: blob: https: https://server-assets.hubstaff.com app.hubstaff.com hubstaff-production.s3.amazonaws.com track.hubspot.com forms.hsforms.com forms-na1.hsforms.com maps.gstatic.com fast.wistia.com embed-ssl.wistia.com maps.googleapis.com www.google.pl fast.wistia.net; media-src blob: fast.wistia.com embed-cloudfront.wistia.com; script-src 'self' 'unsafe-eval' https://server-assets.hubstaff.com js-na1.hs-scripts.com js.hsforms.net js.hs-analytics.net js.hs-scripts.com js.hs-banner.com js.usemessages.com js.hscollectedforms.net cdn.segment.com js.stripe.com fast.wistia.com static.cloudflareinsights.com public.profitwell.com connect.facebook.net snap.licdn.com www.googletagmanager.com bat.bing.com www.googleadservices.com googleads.g.doubleclick.net js.hubspotfeedback.com ajax.cloudflare.com js.hsadspixel.net js.hsleadflows.net script.hotjar.com js.hubspot.com static.hotjar.com storage.getripe.com us01ccistatic.zoom.us www.paypal.com www.sandbox.paypal.com; script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' https://server-assets.hubstaff.com app.hubstaff.com ajax.cloudflare.com js-na1.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.usemessages.com cdn.segment.com js.hs-scripts.com js.hsforms.net js.stripe.com maps.googleapis.com fast.wistia.com www.googletagmanager.com sandbox.accountdock.com bat.bing.com connect.facebook.net snap.licdn.com www.googleadservices.com public.profitwell.com googleads.g.doubleclick.net js.hsadspixel.net static.cloudflareinsights.com js.hsleadflows.net js.hubspotfeedback.com storage.getripe.com script.hotjar.com static.hotjar.com js.hubspot.com us01ccistatic.zoom.us www.paypal.com www.sandbox.paypal.com tasks-api.hubstaff.com; style-src 'unsafe-inline' https://server-assets.hubstaff.com netdna.bootstrapcdn.com fonts.googleapis.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' https://server-assets.hubstaff.com netdna.bootstrapcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com account-assets.hubstaff.com app.hubstaff.com; report-uri https://hubstaff.report-uri.com/r/t/csp/reportOnly
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 9543522f0884dc79-FRA
alt-svc: h3=":443"; ma=86400

HTTP/2 302 
date: Mon, 23 Jun 2025 10:32:21 GMT
content-type: text/html
content-length: 86
location: https://hubstaff.com
set-cookie: INGRESSCOOKIE=1750674742.821.5018.365178|6409844c71262c8fd9483506f97c996c; Expires=Mon, 23-Jun-25 11:32:21 GMT; Max-Age=3600; Path=/; Secure; HttpOnly
cache-control: no-cache
x-request-id: 64c178f271159ce3d40f6ee11aecaeef
x-runtime: 0.007719
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
expect-ct: max-age=86400, report-uri="https://hubstaff.report-uri.com/r/t/ct/reportOnly"
content-security-policy-report-only: default-src 'self' sentry.io; connect-src 'self' https://server-assets.hubstaff.com account.hubstaff.com hubstaff-production.s3.amazonaws.com api.segment.io api.hubspot.com api-secure.amplitude.com api-sr.amplitude.com forms.hscollectedforms.net forms.hsforms.com cdn.segment.com maps.googleapis.com analytics.google.com pipedream.wistia.com embed-cloudfront.wistia.com stats.g.doubleclick.net fast.wistia.com distillery.wistia.com region1.analytics.google.com fg8vvsvnieiv3ej16jby.litix.io bat.bing.com px.ads.linkedin.com www2.profitwell.com api.hubapi.com forms.hubspot.com google.com www.facebook.com api.getripe.com rest.ably.io wss://realtime.ably.io internet-up.ably-realtime.com cta-service-cms2.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com www.google.pl/ads/ga-audiences ip2c.org/s us01cci.zoom.us wss://us01cci.zoom.us us01campaign.zoom.us us01apizva.zoom.us us01cciapi.zoom.us log-gateway.zoom.us www.paypal.com api-m.sandbox.paypal.com api-m.paypal.com; font-src data: https://server-assets.hubstaff.com app.hubstaff.com fonts.gstatic.com netdna.bootstrapcdn.com fast.wistia.com maxcdn.bootstrapcdn.com use.typekit.net static.zohocdn.com cdn.megabonus.com assets.getripe.com fonts.bunny.net; frame-src js.stripe.com app.hubspot.com td.doubleclick.net www.facebook.com bid.g.doubleclick.net tasks.hubstaff.com www.youtube.com www.google.com tasks-api.hubstaff.com us01ccistatic.zoom.us www.sandbox.paypal.com www.paypal.com *.paypal.com; img-src data: blob: https: https://server-assets.hubstaff.com app.hubstaff.com hubstaff-production.s3.amazonaws.com track.hubspot.com forms.hsforms.com forms-na1.hsforms.com maps.gstatic.com fast.wistia.com embed-ssl.wistia.com maps.googleapis.com www.google.pl fast.wistia.net; media-src blob: fast.wistia.com embed-cloudfront.wistia.com; script-src 'self' 'unsafe-eval' https://server-assets.hubstaff.com js-na1.hs-scripts.com js.hsforms.net js.hs-analytics.net js.hs-scripts.com js.hs-banner.com js.usemessages.com js.hscollectedforms.net cdn.segment.com js.stripe.com fast.wistia.com static.cloudflareinsights.com public.profitwell.com connect.facebook.net snap.licdn.com www.googletagmanager.com bat.bing.com www.googleadservices.com googleads.g.doubleclick.net js.hubspotfeedback.com ajax.cloudflare.com js.hsadspixel.net js.hsleadflows.net script.hotjar.com js.hubspot.com static.hotjar.com storage.getripe.com us01ccistatic.zoom.us www.paypal.com www.sandbox.paypal.com; script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' https://server-assets.hubstaff.com app.hubstaff.com ajax.cloudflare.com js-na1.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.usemessages.com cdn.segment.com js.hs-scripts.com js.hsforms.net js.stripe.com maps.googleapis.com fast.wistia.com www.googletagmanager.com sandbox.accountdock.com bat.bing.com connect.facebook.net snap.licdn.com www.googleadservices.com public.profitwell.com googleads.g.doubleclick.net js.hsadspixel.net static.cloudflareinsights.com js.hsleadflows.net js.hubspotfeedback.com storage.getripe.com script.hotjar.com static.hotjar.com js.hubspot.com us01ccistatic.zoom.us www.paypal.com www.sandbox.paypal.com tasks-api.hubstaff.com; style-src 'unsafe-inline' https://server-assets.hubstaff.com netdna.bootstrapcdn.com fonts.googleapis.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' https://server-assets.hubstaff.com netdna.bootstrapcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com account-assets.hubstaff.com app.hubstaff.com; report-uri https://hubstaff.report-uri.com/r/t/csp/reportOnly
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 954352300d188cb6-FRA
alt-svc: h3=":443"; ma=86400

HTTP/2 200 
date: Mon, 23 Jun 2025 10:32:22 GMT
content-type: text/html
x-amz-id-2: CAPrRDW1Uj+WofZ/mSiriesLTqtiHsXkbofQNyORy4rIbSbAZ9ZVZvHUOdBXyjnZ42BQm4rK4H3pI2HA9lPpr4BbW6lM3QAb00HUQPAqekU=
x-amz-request-id: RCD02QXG4NKNCVCN
last-modified: Fri, 20 Jun 2025 17:11:40 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
etag: W/"84496acefba086edd476b1db958fa8db"
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-security-policy: default-src 'self';font-src 'self' https: data: *.hubstaff.com;img-src 'self' blob: https: data: *.gstatic.com *.outbrain.com *.rlcdn.com *.wistia.com *.wistia.net *.hubstaff.com;object-src 'none';script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.partnerstack.com *.adroll.com *.app-us1.com *.bing.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cloudfront.net *.cookiebot.com *.doubleclick.net *.facebook.net *.getdrip.com *.getripe.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubspot.com *.hubspotfeedback.com *.licdn.com *.linkedin.com *.nr-data.net *.omappapi.com *.optinmonster.com *.perfectaudience.com *.plausible.io *.posthog.com *.prfct.co scatec.io *.profitwell.com *.segment.com *.sentry-cdn.com *.storyblok.com *.twitter.com *.usemessages.com *.visionary-business-52.com *.wistia.com *.wistia.net *.woopra.com *.workable.com *.zoominfo.com a.optmnstr.com a.optmstr.com cdn.jsdelivr.net hubstaff.activehosted.com js-agent.newrelic.com js.zi-scripts.com plausible.io s.ytimg.com tags.clickagy.com unpkg.com www.clickcease.com www.googleadservices.com www.googletagmanager.com www.youtube.com tracking.g2crowd.com *.hubstaff.com js.storylane.io www.redditstatic.com *.zoom.us;style-src 'self' 'unsafe-inline' *.googleapis.com hello.myfonts.net maxcdn.bootstrapcdn.com optimize.google.com *.posthog.com;connect-src 'self' wss:  *.hubstaff.com grsm.io partnerlinks.io *.amazonaws.com *.bing.com *.clarity.ms *.clickagy.com *.cookiebot.com *.doubleclick.net *.facebook.com *.getripe.com *.google-analytics.com *.google.com *.hscollectedforms.net *.hsforms.com *.hubapi.com *.hubspot.com *.licdn.com *.linkedin.com *.litix.io *.nr-data.net *.plausible.io *.posthog.com *.profitwell.com *.segment.com *.segment.io *.sentry.io *.twitter.com *.wistia.com *.woopra.com *.zoominfo.com google.com googleadservices.com js.zi-scripts.com plausible.io www2.profitwell.com tracking.g2crowd.com *.hubstaff.com events.statsigapi.net featuregates.org ronr3wkgy2f6qcum637626cwqy0htaew.lambda-url.ap-south-1.on.aws featureassets.org prodregistryv2.org grsm.io api.ashbyhq.com *.g2.com *.reddit.com www.redditstatic.com *.zoom.us;frame-src 'self' *.cnbc.com *.cookiebot.com *.doubleclick.net *.doubleclick.net *.facebook.com *.google.com *.hsforms.com *.hsforms.net *.hs-sites.com *.hubspot.com *.today.com *.twitter.com *.vimeo.com *.wistia.com google.com today.com www.slideshare.net www.youtube.com app.storylane.io hubstaff.outgrow.us *.storyblok.com *.zoom.us *.zoom.us;media-src 'self' blob: data: *.cloudfront.net *.rlcdn.com *.s3.amazonaws.com *.wistia.com embedwistia-a.akamaihd.net *.hubstaff.com *.zoom.us;child-src 'self' blob: *.wistia.com;manifest-src 'self';frame-ancestors *.hubstaff.com;
set-cookie: posthog_distinct_id=c8b192072d323c218dac568f4cd10432; Max-Age=31536000; Secure
set-cookie: posthog_experiments={"abt-further-demo-experiments":"control","abt-cta-exp-demo-form":"control","abt-payroll-hero-design":"control","abt-interactive-demo-header":"variant","pricing-page":"control","signup-page":"control","signup-sidebar":"random-quotes","signup-customer-retention":"control"}; Max-Age=3600; Secure; SameSite=Strict
x-cache: Hit from cloudfront
via: 1.1 1277de71b2472d19ca0bfc510db9ec54.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 6Y-ZV5WvHo-WiMXgUsUPy-4d-lZO8XruZU-Ob2ZjZ0FGSppuT9iHMg==
age: 62373
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 95435230f9d9d362-FRA
content-encoding: br