proxy.qa.internal.sso.cambridge.org Open in urlscan Pro
108.138.7.44 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://qa.internal.submitforassessment.cambridgeassessment.org.uk/
Effective URL:
https://proxy.qa.internal.sso.cambridge.org/login
Submission: On July 01 via automatic, source certstream-suspicious (July 1st 2023, 12:22:31 am UTC) — Scanned from DE

Summary HTTP 69 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 7 domains to perform 69 HTTP transactions. The main IP is 108.138.7.44, located in United States and belongs to AMAZON-02, US. The main domain is proxy.qa.internal.sso.cambridge.org.
TLS certificate: Issued by Amazon RSA 2048 M02 on May 28th 2023. Valid for: a year.

This is the only time proxy.qa.internal.sso.cambridge.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	52.222.214.98 52.222.214.98	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	35.179.99.36 35.179.99.36	16509 (AMAZON-02) (AMAZON-02)
1 4	13.32.121.91 13.32.121.91	16509 (AMAZON-02) (AMAZON-02)
16	108.138.7.44 108.138.7.44	16509 (AMAZON-02) (AMAZON-02)
5	18.205.77.36 18.205.77.36	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
16	184.30.16.250 184.30.16.250	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.169.210.15 18.169.210.15	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:806::2003	() ()
69	12

9 52.222.214.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-98.fra56.r.cloudfront.net

qa.internal.submitforassessment.cambridgeassessment.org.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.179.99.36 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-179-99-36.eu-west-2.compute.amazonaws.com

unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.121.91 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-91.fra60.r.cloudfront.net

openid.qa.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
openid.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 108.138.7.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-44.fra56.r.cloudfront.net

proxy.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.205.77.36 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: lb-d.us1.gigya.com

accounts.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 184.30.16.250 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-250.deploy.static.akamaitechnologies.com

cdns.eu1.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.169.210.15 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-210-15.eu-west-2.compute.amazonaws.com

orgs.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	gigya.com accounts.gigya.com cdns.eu1.gigya.com — Cisco Umbrella Rank: 17282	798 KB
21	cambridge.org 1 redirects openid.qa.sso.cambridge.org proxy.qa.internal.sso.cambridge.org openid.qa.internal.sso.cambridge.org orgs.qa.internal.sso.cambridge.org	209 KB
11	cambridgeassessment.org.uk qa.internal.submitforassessment.cambridgeassessment.org.uk unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	1015 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	3 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	246 KB
3	gstatic.com fonts.gstatic.com	52 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1623	285 B
69	7

	Domain	Requested by
16	cdns.eu1.gigya.com	accounts.gigya.com cdns.eu1.gigya.com
16	proxy.qa.internal.sso.cambridge.org	qa.internal.submitforassessment.cambridgeassessment.org.uk proxy.qa.internal.sso.cambridge.org accounts.gigya.com
9	qa.internal.submitforassessment.cambridgeassessment.org.uk	qa.internal.submitforassessment.cambridgeassessment.org.uk
5	accounts.gigya.com	proxy.qa.internal.sso.cambridge.org accounts.gigya.com
5	fonts.googleapis.com	qa.internal.submitforassessment.cambridgeassessment.org.uk proxy.qa.internal.sso.cambridge.org client
4	www.googletagmanager.com	proxy.qa.internal.sso.cambridge.org www.googletagmanager.com
3	fonts.gstatic.com	fonts.googleapis.com
2	openid.qa.internal.sso.cambridge.org	accounts.gigya.com
2	region1.google-analytics.com	www.googletagmanager.com
2	openid.qa.sso.cambridge.org	1 redirects qa.internal.submitforassessment.cambridgeassessment.org.uk
2	unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	qa.internal.submitforassessment.cambridgeassessment.org.uk
1	orgs.qa.internal.sso.cambridge.org	proxy.qa.internal.sso.cambridge.org
69	12

This site contains no links.

Subject Issuer	Validity	Valid
qa.internal.submitforassessment.cambridgeassessment.org.uk Amazon RSA 2048 M02	`2023-02-24` - `2023-08-29`	6 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
dev.internal.submitforassessment.cambridgeassessment.org.uk Amazon RSA 2048 M02	`2023-06-27` - `2024-07-25`	a year	crt.sh
openid.qa.internal.sso.cambridge.org Amazon RSA 2048 M02	`2023-03-15` - `2024-04-12`	a year	crt.sh
qa.internal.sso.cambridge.org Amazon RSA 2048 M02	`2023-05-28` - `2024-06-25`	a year	crt.sh
*.us1.gigya.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-18` - `2024-05-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
cdns.gigya.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-07` - `2023-12-07`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://proxy.qa.internal.sso.cambridge.org/login
Frame ID: F1CB6E7A1757ABB66ADC6332C82CB7F1
Requests: 53 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Frame ID: 2501D263D8C9DAA41DA9D924C83C9D99
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 2150BE3E3E393033A7BF4002201110E4
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: BC3F10DC739CA1D68A75E77E8CFEF316
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: BDFE2011722BE606A62600F20784BEDC
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Frame ID: 8DAE7E25D636FBA83BC880509718DCE5
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 19FB9EE5745C728AB69C3298F90E3677
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 23CEF68CC783CBBA18598A2996857DD1
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 9E8E8C323554C56C5427B04A4D3CDF99
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cambridge Login

Page URL History Show full URLs

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/ Page URL
https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BR... HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547... Page URL
https://proxy.qa.internal.sso.cambridge.org/login Page URL

Detected technologies

SAP Customer Data Cloud Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

\.gigya\.com/JS/gigya\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

69
Requests

96 %
HTTPS

36 %
IPv6

7
Domains

12
Subdomains

12
IPs

3
Countries

2325 kB
Transfer

8536 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/ Page URL
https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fqa.internal.submitforassessment.cambridgeassessment.org.uk%2Fcallback&response_type=code&scope=openid%20profile%20email%20roles%20orgs%20systemIDs%20claims%20businessStream&state=067e37df8c7e47a68bbab98c19d9ae86&code_challenge=EOfyhjAs0oaFKUvm6jxMa90lpF3QcllQkYDcHRb3cn8&code_challenge_method=S256&response_mode=query HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream Page URL
https://proxy.qa.internal.sso.cambridge.org/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fqa.internal.submitforassessment.cambridgeassessment.org.uk%2Fcallback&response_type=code&scope=openid%20profile%20email%20roles%20orgs%20systemIDs%20claims%20businessStream&state=067e37df8c7e47a68bbab98c19d9ae86&code_challenge=EOfyhjAs0oaFKUvm6jxMa90lpF3QcllQkYDcHRb3cn8&code_challenge_method=S256&response_mode=query HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

69 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
qa.internal.submitforassessment.cambridgeassessment.org.uk/ 4 KB
3 KB 128ms
7ms Document
text/html 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-98.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

9528cdc606915346d06c8fd44db12b486794d8bbc0853f130fc86d28bd951ba4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16
content-encoding: gzip
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
content-type: text/html
date: Sat, 01 Jul 2023 00:22:10 GMT
etag: W/"d2ec4746ce2b09a8dd20216a130b663c"
expect-ct: max-age=86400, enforce
last-modified: Wed, 21 Jun 2023 11:12:20 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-amz-cf-id: Kk0veiVm1t7qgPMy7g-p4bXSbvbYPA5VgmhKFCT0T5NFGdmBwqLthQ==
x-amz-cf-pop: FRA56-P3
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 61ms
24ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:22:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 22:52:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:22:25 GMT

GET
H2 200 4.99df9bc1.chunk.js Show response
qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 599 KB
156 KB 433ms
432ms Script
application/javascript 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/4.99df9bc1.chunk.js

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-98.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

d4fee6ceac0b6ecf77c5b5b2686f4894806e7802784c268177ad672970d5b274

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 21 Jun 2023 11:12:21 GMT
server: CloudFront
etag: W/"3592d59661b10faf19244b4c9030908f"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: _BITopcbLJaKG2VmjXG8jYgCmR0_S9VZ3E9X99lQwFu4uwYbH31ZGQ==

GET
H2 200 main.416391d8.chunk.js Show response
qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 14 KB
4 KB 187ms
186ms Script
application/javascript 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/main.416391d8.chunk.js

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-98.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

7d6dd10a11406e30de344c9f16e9a67aecf1ee98199ba738fec69021af4ea860

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 21 Jun 2023 11:12:22 GMT
server: CloudFront
etag: W/"0adb1133b6a46dbee699e900cec60c32"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: N6Ek3WP4y2ZDU30MFLZaYjFe0DsQPNe5tp7Y-gmXLZN1VQRH4l6rww==

GET
H2 200 application.env Show response
qa.internal.submitforassessment.cambridgeassessment.org.uk/ 583 B
1 KB 218ms
218ms Fetch
application/octet-stream 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/application.env

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/4.99df9bc1.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-98.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

e431739e17e6a3a37485fac2636d51160da720146a1d6d63f1697f88dfef8bd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 583
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 21 Jun 2023 11:12:19 GMT
server: CloudFront
etag: "63a488ccf125c692967c3d6e1a8fcc08"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/octet-stream
accept-ranges: bytes
x-amz-cf-id: 5aakM37KvhRObmU4qQpwjvuuUR16z1T25jC1qQm0oOLvw4GEQmBbtg==

GET
H2 200 2.f12a0b49.chunk.css
qa.internal.submitforassessment.cambridgeassessment.org.uk/static/css/ 932 B
2 KB 193ms
192ms Stylesheet
text/css 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/css/2.f12a0b49.chunk.css

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-98.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

8be99f889daaf99df0ce16ced09e770cc065ab4afc4e01ba3368899526aa1504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 932
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 21 Jun 2023 11:12:20 GMT
server: CloudFront
etag: "887533d101c668c83f3f11150b2bb261"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: P6abvFSI9Dkn2P3XNiD59HZZFRMhn44ShzikQ5okXlhJvrjKoWPlsQ==

GET
H2 200 2.0955e429.chunk.js Show response
qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 4 MB
745 KB 346ms
345ms Script
application/javascript 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.0955e429.chunk.js

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-98.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

1f565149e781847ed5ac65cd034542cbd320faad6780d5c875d073ce1ffa4e18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 21 Jun 2023 11:12:20 GMT
server: CloudFront
etag: W/"ec1a01c6202b04c5196bee010dca2e19"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: N44yYV1z9LF8NY--_JAJ8JLAmC4IkaN90CPQCrbN0r4oNq4bJhNZ7w==

GET
H2 200 3.de1eab18.chunk.css
qa.internal.submitforassessment.cambridgeassessment.org.uk/static/css/ 264 B
1 KB 213ms
212ms Stylesheet
text/css 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/css/3.de1eab18.chunk.css

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-98.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

348867415261fa24e6f6a3d2aecf01cf24384ad6a1432501dac0b6981d25c52d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 264
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 21 Jun 2023 11:12:20 GMT
server: CloudFront
etag: "93dd495c4928f3ac6efca12654db3b3a"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: D3EQuwLpQlWsC5yFhwX3u9q4xEL8i7FxcRkfAngFD5pn4haOlXF1lA==

GET
H2 200 3.635ee89c.chunk.js Show response
qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 450 KB
102 KB 244ms
243ms Script
application/javascript 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/3.635ee89c.chunk.js

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-98.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

2de6910be75d69bad8e12d140706853b3c485d334e2dad1feb025dae71657b52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 21 Jun 2023 11:12:21 GMT
server: CloudFront
etag: W/"5bb2a54bb4effc1aeb33aba86a803da7"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: S51NjzvCoWNQFHJF15JLVqb6sPxHTiFvn29ilhFWAT8LXMlKne2Ejg==

GET
H2 200 5.d93238a8.chunk.js Show response
qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 456 B
1 KB 249ms
249ms Script
application/javascript 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/5.d93238a8.chunk.js

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-98.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

601c2d736158ba6d274f67f051325aed739f90eec83959b7aa328bea80cee3b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 456
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 21 Jun 2023 11:12:22 GMT
server: CloudFront
etag: "6cc5e61cdc4d862c0da08a14a40a44a2"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: RtgVCShszJ2wSJZTvyUjpRh4Mqoqro-Du5tCKVCgvzbfjX8vd4C9-A==

OPTIONS
H2 204 proxy
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/ Frame 0
0 109ms
26ms Preflight 35.179.99.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/proxy?sessionId=171603911&appName=sfa&environment=default
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.99.36 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-179-99-36.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,if-none-match
Access-Control-Request-Method: GET
Origin: https://qa.internal.submitforassessment.cambridgeassessment.org.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type,if-none-match
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-expose-headers: ETag
access-control-max-age: 172800
date: Sat, 01 Jul 2023 00:22:27 GMT
vary: Access-Control-Request-Headers

GET
H2 200 proxy Show response
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/ 239 B
770 B 26ms
26ms Fetch
application/json 35.179.99.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/proxy?sessionId=171603911&appName=sfa&environment=default
Requested by: Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.0955e429.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.99.36 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-179-99-36.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: 25277bed5999a04697d2b7f3a8b28aa3b31dda9d71dd87a103a48b28b171458d

Request headers

Accept: application/json
Referer
If-None-Match
accept-language: de-DE,de;q=0.9
Authorization: j8iZYKUOqIutukXvc09XvrToZhhUIn3tgSz53y2snfFQpKlyaUmjsiNa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Jul 2023 00:22:27 GMT
etag: W/"ef-fDikMOOGNuxXIHPQiGhFujdLQnU"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag
cache-control: public, max-age=2
content-length: 239

GET
H2 200 openid-configuration
openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/.well-known/ 2 KB
1 KB 271ms
131ms XHR
application/json 13.32.121.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/.well-known/openid-configuration
Requested by: Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.0955e429.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-91.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:27 GMT
content-encoding: gzip
via: 1.1 ed4565467c6c9847b6a3fcb6cec799e4.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 687
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: application/json; charset=utf-8
access-control-allow-origin: https://qa.internal.submitforassessment.cambridgeassessment.org.uk
x-callid: d38d6e904e144e3ca766d7da9733de2d
cache-control: private
access-control-allow-credentials: true
x-server: eu1b-nomad-t3
vary: Origin, Accept-Encoding
x-robots-tag: none
x-amz-cf-id: O4_eJLO-tA9VROwrgz3D1Y3a0TedMV9dG56Sj36ozeBdBM3c0J3otw==

GET
H2

200

proxy Show response
proxy.qa.internal.sso.cambridge.org/
Redirect Chain

https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fqa.intern...
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+rol...

1 KB
2 KB

64ms
13ms

Document
text/html

108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

Requested by

Host: qa.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.0955e429.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

ea8ec5abb5ead566d0a812dce194d9c33eb98adae50188bbb9583bce079a6b27

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 99
content-encoding: gzip
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-type: text/html
date: Sat, 01 Jul 2023 00:20:49 GMT
etag: W/"30542a2fd5da6ba72ba88c496aac7f5b"
expect-ct: max-age=86400, enforce
last-modified: Fri, 05 May 2023 07:27:19 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-id: 1-8WLOl41cjNBfV3xjVKUNyE2vrsa29mgG6sJqFRXIflp5fel8S4hg==
x-amz-cf-pop: FRA56-P6
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private
content-length: 0
date: Sat, 01 Jul 2023 00:22:27 GMT
location: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
via: 1.1 91353a8aba9ab05d79e9678e004043bc.cloudfront.net (CloudFront)
x-amz-cf-id: tA6cYvIkXW6qWw_4D78KeS_evE7syLMOQD566gFhVIhPc_otV1TNUA==
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
x-callid: 222211448b9049038402e85430f48bd3
x-error-code: 0
x-robots-tag: none
x-server: eu1b-nomad-t9
x-soa: true, Gator

GET
H2 200 gtm.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 431 B
2 KB 10ms
9ms Script
application/javascript 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:20:49 GMT
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 99
x-cache: Hit from cloudfront
content-length: 431
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "b4ea339817ecc2c95b9870cb27dba7b4"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: oaD83pSE5YP1RdRIlEBycIbLhfSLoiiI4365h64_pesBMBYcbvnVdg==

GET
H2 200 loader.css
proxy.qa.internal.sso.cambridge.org/css/ 387 B
2 KB 11ms
10ms Stylesheet
text/css 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/css/loader.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

37e44af3d562bab647fc40f5d6d7210a2abd24202cbd958a9e368c4d8131e61a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:20:51 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 54096
x-cache: Hit from cloudfront
content-length: 387
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "02ecd10b224d4b0e9b9299b18350701c"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: eqSha2KB-wPUxmqGsZu7eUEhQRTDNim0DLHWdilBTtWTaeNhtVVVJg==

GET
H2 200 back_cache_cleanup.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 203 B
1 KB 11ms
10ms Script
application/javascript 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/back_cache_cleanup.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

cab7810f937780c44d1c93c65e0f8ddc78c912ce97b2c449de2cc8fc6ba264d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 10:42:45 GMT
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 49183
x-cache: Hit from cloudfront
content-length: 203
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "38a9d4dfd48c723df8cef5f1a03c0971"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: BRziLBHBt-cOeLB2X3YtZhjfMrsK048xJe56vza0JJJK8tlRCgVxfg==

GET
H/1.1 200
OK gigya.js Show response
accounts.gigya.com/JS/ 500 KB
164 KB 554ms
286ms Script
text/javascript 18.205.77.36
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.205.77.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 293e2f4c2c60b43648f774e42852d2dd2a38b53b1c9c564af9112efc31241848

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:27 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t5
x-callid: efdf9f80017542838ca9b232c248be64
x-error-code: 0
x-robots-tag: none
content-length: 167934

GET
H/1.1 200
OK gigya.oidc.js Show response
accounts.gigya.com/JS/ 20 KB
7 KB 392ms
115ms Script
text/javascript 18.205.77.36
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/JS/gigya.oidc.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.205.77.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: cc5742fc7e0babb1a77efbcb535564a3d28342887863c53b3212c752aad40f0b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:27 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t8
x-callid: 6a808203013341798c34abf436d161dc
x-error-code: 0
x-robots-tag: none
content-length: 6667

GET
H2 200 spinner.svg
proxy.qa.internal.sso.cambridge.org/assets/ 640 B
2 KB 9ms
9ms Image
image/svg+xml 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/spinner.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

2e0881f709571fcfbde8a04cdda3152d0380789f0da81094473c7c0b63c51a85

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:20:49 GMT
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 99
x-cache: Hit from cloudfront
content-length: 640
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: "f143559003fc6e3c7bd0a7966a7e2491"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: UJAgSKzKQs6DTSKGvu1rvxP6b29xGlgNn_nffQfjNhtdBFUxysM8qA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 108 KB
42 KB 86ms
27ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fc97b9805603f71552a0cccb7c059db086fc9aa55814d2f3f524ccac92ecdaab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42866
x-xss-protection: 0
last-modified: Sat, 01 Jul 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 01 Jul 2023 00:22:28 GMT

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
518 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/css/loader.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a9013a737d5a92af5fa83b598cbd897ca98275812fea86e8434bd96daa2c0eb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:22:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 22:53:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:22:27 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
81 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bca684e82066141015e913884818fe7d188663160d8eb8ec1fe6d988e25b1c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82824
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 01 Jul 2023 00:22:28 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
268 B 50ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36s0&_p=1279525162&cid=427960883.1688170948&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1688170948&sct=1&seg=0&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&dt=Cambridge%20Login&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Jul 2023 00:22:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ 6 KB
2 KB 63ms
12ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:28 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 5654629e397440b5b46b3d82cd58565f
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t8
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2169

GET
H2 200 Api.aspx Show response
cdns.eu1.gigya.com/gs/webSdk/ Frame 2501 121 KB
43 KB 35ms
13ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

58b5c24df15a4608641943188bfb61654dee116a32ccb0c03b8e703068840153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 43588
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:22:28 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 62ee47c3c7dc402ca00d876551419bc5
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t4
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 2501 6 KB
2 KB 8ms
7ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:28 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 5654629e397440b5b46b3d82cd58565f
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t8
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2169

GET
H2 200 accounts.webSdkBootstrap Show response
openid.qa.internal.sso.cambridge.org/ 199 B
1 KB 306ms
168ms XHR
text/javascript 13.32.121.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.internal.sso.cambridge.org/accounts.webSdkBootstrap?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&pageURL=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&sdk=js_latest&sdkBuild=13987&format=json
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-91.fra60.r.cloudfront.net
Software: /
Resource Hash: f32ca4ed6fc8e9ef2c41d2efe1eadc34297d43254211be2cf92cf970d3745697

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:28 GMT
content-encoding: gzip
via: 1.1 91353a8aba9ab05d79e9678e004043bc.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 172
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
x-callid: d0efab9096cb42ec902b7ed6ed6f3006
cache-control: private
access-control-allow-credentials: true
x-server: eu1b-nomad-t8
vary: Origin, Accept-Encoding
x-robots-tag: none
x-amz-cf-id: pmycQCbFYPdCG1dGcwzTSgmYun2EZddpK6zlgveYJ7obTULbblEYSA==

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 2150 93 KB
32 KB 15ms
14ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:22:29 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame BC3F 93 KB
32 KB 12ms
7ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:22:29 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 2150 6 KB
2 KB 19ms
11ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:29 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame BC3F 6 KB
2 KB 9ms
8ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:29 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

GET
H2 200 Primary Request login Show response
proxy.qa.internal.sso.cambridge.org/ 866 B
2 KB 9ms
9ms Document
text/html 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/login

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.oidc.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

b3cb958c763e40d68d9ac3c63b676de4ad1b32d0e642a205fecaadf200a9abe3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 49182
content-length: 866
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-type: text/html
date: Fri, 30 Jun 2023 10:42:48 GMT
etag: "8ce8b59496aee2ded64d5660a9bf3e70"
expect-ct: max-age=86400, enforce
last-modified: Fri, 05 May 2023 07:27:19 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-id: 7xeZMv_ksRaAerQnAKqvIWUfg1jb3H7z0qWnTElOjvU1apzyWIGGMA==
x-amz-cf-pop: FRA56-P6
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET sso.htm
cdns.eu1.gigya.com/gs/ Frame BDFE 0
0

POST collect
region1.google-analytics.com/g/ 0
0

GET
H/1.1 200
OK gigya.js Show response
accounts.gigya.com/js/ 500 KB
164 KB 415ms
415ms Script
text/javascript 18.205.77.36
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.205.77.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 293e2f4c2c60b43648f774e42852d2dd2a38b53b1c9c564af9112efc31241848

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:29 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t7
x-callid: 2f08557dc8e640c294954f36017d3c3e
x-error-code: 0
x-robots-tag: none
content-length: 167934

GET
H2 200 gtm.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 431 B
2 KB 11ms
10ms Script
application/javascript 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:20:49 GMT
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 101
x-cache: Hit from cloudfront
content-length: 431
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "b4ea339817ecc2c95b9870cb27dba7b4"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: sjZUslsgZ4O60YF6oipmtc-EAWPRtzff9RRtbC17swUg_tSfYSf1Xg==

GET
H2 200 constants.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 666 B
2 KB 10ms
9ms Script
application/javascript 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/constants.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

31ce1a469a82b6529e12267ea27792addd9284a3b769eb8789551516f52b0448

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 10:42:48 GMT
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 49182
x-cache: Hit from cloudfront
content-length: 666
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "bef83bc451aa5912bda92b7264049966"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: psXQDI6G5EJan_eA-Ds7ogh36l4IXfW9N2Tn2bp41wgbtE9i_r5PXw==

GET
H2 200 loginUtils.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 3 KB
2 KB 343ms
342ms Script
application/javascript 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/loginUtils.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

59d3a762b8633b4cc9aa5b9d68fc4810aa63ae31723615e21408303adfd2f057

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-cache: RefreshHit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: W/"635ff0cc57a85419561b55894c66bf46"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: 7OjHfJ1PiYs2IHmzNWbKEIo8_8JdjLg635rUAxpPOxqtXRoPkmsbbA==

GET
H2 200 login.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 341 B
1 KB 276ms
276ms Script
application/javascript 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/login.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

3a213b9803edeb8427b9361ac14abbba4dce40daf744f057158190e3bae93233

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:22:30 GMT
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-cache: RefreshHit from cloudfront
content-length: 341
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "986f27a6adcc3062fb06b57457fa31dd"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: jQRbvqs1ONChflbsIngqoSH1gIqAo0qfo407Lc3SDXfS6cfSZf00iA==

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ 6 KB
2 KB 8ms
7ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:29 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 5654629e397440b5b46b3d82cd58565f
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t8
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2169

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 108 KB
42 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae943b05dcc0ce275872fd5cb9155ae2638aafa4df35f3aa29d467e5cc80e72c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42858
x-xss-protection: 0
last-modified: Sat, 01 Jul 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 01 Jul 2023 00:22:29 GMT

GET
H2 200 _a_gooYPMTmWpZ_BXOn9qqpc Show response
orgs.qa.internal.sso.cambridge.org/client/ 45 B
165 B 166ms
98ms Fetch
application/json 18.169.210.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://orgs.qa.internal.sso.cambridge.org/client/_a_gooYPMTmWpZ_BXOn9qqpc
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/loginUtils.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.210.15 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-210-15.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: 938bbc57164ca1406278f7dd6873bf9613774436c49c4477afeab46de72c1e35

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 01 Jul 2023 00:22:30 GMT
content-length: 45
apigw-requestid: HW62_jh4rPEEPpQ=
content-type: application/json

GET
H2 200 Api.aspx Show response
cdns.eu1.gigya.com/gs/webSdk/ Frame 8DAE 121 KB
43 KB 12ms
12ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

58b5c24df15a4608641943188bfb61654dee116a32ccb0c03b8e703068840153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 43588
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:22:29 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 62ee47c3c7dc402ca00d876551419bc5
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t4
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 8DAE 6 KB
2 KB 8ms
7ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:29 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 5654629e397440b5b46b3d82cd58565f
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t8
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2169

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
81 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

27bd351c321be96803475464a68f02b838150d6693b9ad46172ef086867dcc6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82826
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 01 Jul 2023 00:22:30 GMT

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 19FB 93 KB
32 KB 9ms
8ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:22:30 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 23CE 93 KB
32 KB 8ms
8ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:22:30 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 19FB 6 KB
2 KB 8ms
7ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 23CE 6 KB
2 KB 8ms
7ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 17ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36s0&_p=1024880233&cid=427960883.1688170948&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1688170948&sct=1&seg=1&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Flogin&dt=Cambridge%20Login&en=page_view
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Jul 2023 00:22:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK gigya.services.plugins.base.min.js Show response
accounts.gigya.com/js/ 577 KB
174 KB 120ms
120ms Script
text/javascript 18.205.77.36
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/js/gigya.services.plugins.base.min.js?services=gigya.services.accounts.plugins.screenSet&lang=en&version=latest
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.205.77.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 6255d3928bafd4525699c8ad2b13f6c57ddf7395ceeb0f6c225a09c10620ff49

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t9
x-callid: cc516f499bed476caf4e1d13ff01bfef
x-error-code: 0
x-robots-tag: none
content-length: 178061

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 9E8E 93 KB
32 KB 8ms
7ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:22:30 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 9E8E 6 KB
2 KB 9ms
9ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

GET
H2 200 accounts.getScreenSets Show response
openid.qa.internal.sso.cambridge.org/ 305 KB
56 KB 156ms
155ms XHR
text/javascript 13.32.121.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.internal.sso.cambridge.org/accounts.getScreenSets?screenSetIDs=CambridgeLogin-RegistrationLogin&include=html%2Ccss%2Cjavascript%2Ctranslations%2C&lang=en&APIKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&source=showScreenSet&sdk=js_latest&pageURL=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Flogin&sdkBuild=13987&format=json&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-91.fra60.r.cloudfront.net
Software: /
Resource Hash: a247d78307ea6bca0fcc76465b4a3fbf93882573b93bc18860e31ae4868d80d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:29 GMT
content-encoding: gzip
via: 1.1 91353a8aba9ab05d79e9678e004043bc.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 56485
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
x-callid: a024aa3cc6214ac78c68efe8ab9f5779
cache-control: private
access-control-allow-credentials: true
x-server: eu1a-nomad-t1
vary: Origin,Accept-Encoding
x-robots-tag: none
x-amz-cf-id: hO4-uu-VxF091o_8BXgEgYlA-ujJhPcUIH1vMpFVxX5-GjtSFseUOA==

GET
H3 200 css2
fonts.googleapis.com/ 10 KB
790 B 30ms
30ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400;600;700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

029bb5d248019deb70476021d41809a4922c550bd730d66cfa1c3f6840bbee75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 23:48:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:22:30 GMT

GET
H3 200 css2
fonts.googleapis.com/ 8 KB
603 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3dd5fbdf219d660d206f06bd5e0b4aaf1298c6f795a196ddceb3a69526947f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 23:02:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:22:30 GMT

GET
H3 200 icon
fonts.googleapis.com/ 569 B
366 B 23ms
23ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 01 Jul 2023 00:22:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:22:30 GMT

GET
H2 200 CambridgePressAssessmentLogo.svg
proxy.qa.internal.sso.cambridge.org/assets/ 147 KB
58 KB 10ms
9ms Image
image/svg+xml 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/CambridgePressAssessmentLogo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

93035f19fba8a6a8fe5aa92f085a19f164444e215896d52d0bd8a763670ce946

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:20:58 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-content-type-options: nosniff
age: 54093
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"afad4c0fd68e2165d20647f207071223"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: z_8l1ZeKZ9t2hIqTANzW27E_G_M9JClLNj7AXIJ4J6W-GiHDZ33oHA==

GET
H2 200 staffAccountSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 146 KB
56 KB 215ms
215ms Image
image/svg+xml 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/staffAccountSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

0135dfbfabdcc3b666a123269e2bf6b73d2bba7b9498b92c7ea80d32799c03d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:22:31 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-cache: RefreshHit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"dd33a40f5a91c7a7de45e35c56864052"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: txotwRC9PBdxk7OKSahad8qEonUmQhxySnrCSsOk9a3myo5lIWp6hA==

GET
H/1.1 200
OK gigya.services.socialize.plugins.login_v2.min.js Show response
accounts.gigya.com/js/ 61 KB
19 KB 106ms
105ms Script
text/javascript 18.205.77.36
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/js/gigya.services.socialize.plugins.login_v2.min.js?lang=en&version=latest
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.205.77.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 61c182c95dd0c09f8f25727f809c7daed9efe96c20d4fe7b26cbf0463a3e9ae8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t9
x-callid: 4c87096e4bf3427f9d45777d5b8ce3d1
x-error-code: 0
x-robots-tag: none
content-length: 18835

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 51ms
15ms Font
font/woff2 2a00:1450:4001:806::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://proxy.qa.internal.sso.cambridge.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:31:10 GMT
x-content-type-options: nosniff
age: 557480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 13:31:10 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 15 KB
15 KB 67ms
31ms Font
font/woff2 2a00:1450:4001:806::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://proxy.qa.internal.sso.cambridge.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 18:52:01 GMT
x-content-type-options: nosniff
age: 365429
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Jun 2024 18:52:01 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 14 KB
15 KB 63ms
27ms Font
font/woff2 2a00:1450:4001:806::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://proxy.qa.internal.sso.cambridge.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 18:52:01 GMT
x-content-type-options: nosniff
age: 365429
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Jun 2024 18:52:01 GMT

GET
H2 200 facebookSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 8 KB
4 KB 10ms
9ms Image
image/svg+xml 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/facebookSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

2ff3d18561746c163cfd077f333a92f70db5ab24835cd0e8e9ca384e1fbd86e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:20:58 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-content-type-options: nosniff
age: 54093
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"1fe3618466992908d0832f47565bcff8"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: boEcN0lEpiozl1W5l3ruYd7bGG7YcTTjJBURx7-G-yJrtNHtp4tI0g==

GET
H2 200 googleSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 9 KB
5 KB 11ms
10ms Image
image/svg+xml 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/googleSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

9a37f16657c987d4c8522be91253e750908ee76772ec7449fe190c5a3dceddce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:20:58 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-content-type-options: nosniff
age: 54093
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"57a0a02bc947df18c15feeff5581f9cd"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: tRgu6KduVuL-Aei215j2mj-Spyzq1niFcQS6ZJiLNUlDXPuENy50hw==

GET
H2 200 appleSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 12 KB
6 KB 12ms
11ms Image
image/svg+xml 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/appleSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

f0d48b46d5263a011ccb2015efe852afea12cb1bc68883ced508d86c605cf594

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 10:42:50 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 49181
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"df2aba54eaa236cfe3e724372e141f8b"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: SO9vveILYWOxzlRVhwixw_A_VnCFRTC0irnwW-NH5fbz2-uYfV_LEg==

GET
H2 200 microsoftSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 8 KB
4 KB 196ms
195ms Image
image/svg+xml 108.138.7.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/microsoftSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-44.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

4b41ba703b52195e14577eabf218b29d84c5676417797c7453598c6b3dcfd745

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:22:31 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-cache: RefreshHit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"008d26dd4f342de2f5b896a5676583c1"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: M9VyRtEy_0Be-za9eDjhgs_ldUi5rrmmsrDMfLt303AeLUv3EL0B6A==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36s0&_p=1279525162&cid=427960883.1688170948&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1688170948&sct=1&seg=0&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&dt=Cambridge%20Login&en=scroll&epn.percent_scrolled=90&_et=7

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36s0&_p=1279525162&cid=427960883.1688170948&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1688170948&sct=1&seg=0&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&dt=Cambridge%20Login&en=user_engagement&_et=1011

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cambridge.org/	1970-01-20 22:32:10	Name: _ga Value: GA1.1.427960883.1688170948
.proxy.qa.internal.sso.cambridge.org/	1969-12-31 23:59:59	Name: gig_canary Value: false
.proxy.qa.internal.sso.cambridge.org/	1969-12-31 23:59:59	Name: gig_canary_ver Value: 14068-3-28136175
.openid.qa.internal.sso.cambridge.org/	1970-01-20 21:43:13	Name: gmid Value: gmid.ver4.AcbHe2KN4w.TqcWFV7QgtDnSq6MxiTt89O89rZ0edtYAcmJQxjnlh_vaLpqd8_bwl5JJHx5ZVK3.qKlGgda3xhc4hRDcSw4ny565ZXdQVV40sXZkB-V0_iNofBjr20DUE2tviqx3CMpqi28zu1WEMC0Qjw5idxBp1w.sc3
.openid.qa.internal.sso.cambridge.org/	1970-01-20 21:43:13	Name: ucid Value: D8QizVxwRLTZ_AeJ_cBTiQ
.openid.qa.internal.sso.cambridge.org/	1970-01-20 17:21:12	Name: hasGmid Value: ver4
.qa.internal.sso.cambridge.org/	1970-01-20 21:41:46	Name: gig_bootstrap_3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit Value: openid_ver4
.cdns.eu1.gigya.com/	1970-01-20 21:41:46	Name: gig_canary_3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN Value: false
.cdns.eu1.gigya.com/	1970-01-20 21:41:46	Name: gig_canary_ver_3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN Value: 14068-3-28136175
.cdns.eu1.gigya.com/	1970-01-20 21:41:46	Name: apiDomain_3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN Value: openid.qa.internal.sso.cambridge.org
.cambridge.org/	1970-01-20 22:32:10	Name: _ga_QBZ91CH3NC Value: GS1.1.1688170948.1.1.1688170950.0.0.0

233 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://qa.internal.submitforassessment.cambridgeassessment.org.uk/ Message: The Content Security Policy directive 'sandbox' is ignored when delivered in a report-only policy.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	warning	URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.ERr5h8lyL65Uv8lzJm2TUax4vOPYyPkbUaCehOxxdDk.1688171547&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://proxy.qa.internal.sso.cambridge.org/login Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.gigya.com
cdns.eu1.gigya.com
fonts.googleapis.com
fonts.gstatic.com
openid.qa.internal.sso.cambridge.org
openid.qa.sso.cambridge.org
orgs.qa.internal.sso.cambridge.org
proxy.qa.internal.sso.cambridge.org
qa.internal.submitforassessment.cambridgeassessment.org.uk
region1.google-analytics.com
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk
www.googletagmanager.com
cdns.eu1.gigya.com
region1.google-analytics.com
108.138.7.44
13.32.121.91
18.169.210.15
18.205.77.36
184.30.16.250
2001:4860:4802:34::36
2a00:1450:4001:806::2003
2a00:1450:4001:828::200a
2a00:1450:4001:831::2008
35.179.99.36
52.222.214.98
0135dfbfabdcc3b666a123269e2bf6b73d2bba7b9498b92c7ea80d32799c03d3
029bb5d248019deb70476021d41809a4922c550bd730d66cfa1c3f6840bbee75
074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08
1f565149e781847ed5ac65cd034542cbd320faad6780d5c875d073ce1ffa4e18
25277bed5999a04697d2b7f3a8b28aa3b31dda9d71dd87a103a48b28b171458d
27bd351c321be96803475464a68f02b838150d6693b9ad46172ef086867dcc6e
293e2f4c2c60b43648f774e42852d2dd2a38b53b1c9c564af9112efc31241848
2de6910be75d69bad8e12d140706853b3c485d334e2dad1feb025dae71657b52
2e0881f709571fcfbde8a04cdda3152d0380789f0da81094473c7c0b63c51a85
2ff3d18561746c163cfd077f333a92f70db5ab24835cd0e8e9ca384e1fbd86e7
31ce1a469a82b6529e12267ea27792addd9284a3b769eb8789551516f52b0448
348867415261fa24e6f6a3d2aecf01cf24384ad6a1432501dac0b6981d25c52d
37e44af3d562bab647fc40f5d6d7210a2abd24202cbd958a9e368c4d8131e61a
3a213b9803edeb8427b9361ac14abbba4dce40daf744f057158190e3bae93233
3dd5fbdf219d660d206f06bd5e0b4aaf1298c6f795a196ddceb3a69526947f66
4b41ba703b52195e14577eabf218b29d84c5676417797c7453598c6b3dcfd745
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
58b5c24df15a4608641943188bfb61654dee116a32ccb0c03b8e703068840153
59d3a762b8633b4cc9aa5b9d68fc4810aa63ae31723615e21408303adfd2f057
601c2d736158ba6d274f67f051325aed739f90eec83959b7aa328bea80cee3b2
61c182c95dd0c09f8f25727f809c7daed9efe96c20d4fe7b26cbf0463a3e9ae8
6255d3928bafd4525699c8ad2b13f6c57ddf7395ceeb0f6c225a09c10620ff49
7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7d6dd10a11406e30de344c9f16e9a67aecf1ee98199ba738fec69021af4ea860
886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd
8be99f889daaf99df0ce16ced09e770cc065ab4afc4e01ba3368899526aa1504
8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9
93035f19fba8a6a8fe5aa92f085a19f164444e215896d52d0bd8a763670ce946
938bbc57164ca1406278f7dd6873bf9613774436c49c4477afeab46de72c1e35
9528cdc606915346d06c8fd44db12b486794d8bbc0853f130fc86d28bd951ba4
9a37f16657c987d4c8522be91253e750908ee76772ec7449fe190c5a3dceddce
9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862
a247d78307ea6bca0fcc76465b4a3fbf93882573b93bc18860e31ae4868d80d0
a9013a737d5a92af5fa83b598cbd897ca98275812fea86e8434bd96daa2c0eb3
ae943b05dcc0ce275872fd5cb9155ae2638aafa4df35f3aa29d467e5cc80e72c
b3cb958c763e40d68d9ac3c63b676de4ad1b32d0e642a205fecaadf200a9abe3
bca684e82066141015e913884818fe7d188663160d8eb8ec1fe6d988e25b1c2a
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
cab7810f937780c44d1c93c65e0f8ddc78c912ce97b2c449de2cc8fc6ba264d6
cc5742fc7e0babb1a77efbcb535564a3d28342887863c53b3212c752aad40f0b
d4fee6ceac0b6ecf77c5b5b2686f4894806e7802784c268177ad672970d5b274
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e431739e17e6a3a37485fac2636d51160da720146a1d6d63f1697f88dfef8bd0
ea8ec5abb5ead566d0a812dce194d9c33eb98adae50188bbb9583bce079a6b27
f0d48b46d5263a011ccb2015efe852afea12cb1bc68883ced508d86c605cf594
f32ca4ed6fc8e9ef2c41d2efe1eadc34297d43254211be2cf92cf970d3745697
fc97b9805603f71552a0cccb7c059db086fc9aa55814d2f3f524ccac92ecdaab

proxy.qa.internal.sso.cambridge.org Open in urlscan Pro 108.138.7.44 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

69 Requests

96 %HTTPS

36 %IPv6

7 Domains

12 Subdomains

12 IPs

3 Countries

2325 kBTransfer

8536 kBSize

11 Cookies

0 Outgoing links

Page URL History

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

proxy.qa.internal.sso.cambridge.org Open in urlscan Pro
108.138.7.44 Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

96 %
HTTPS

36 %
IPv6

7
Domains

12
Subdomains

12
IPs

3
Countries

2325 kB
Transfer

8536 kB
Size

11
Cookies

69 HTTP transactions
0 data transactions