urlscan.io logo urlscan.io
SecurityTrails logo

my.phs.co.uk Open in urlscan Pro
20.50.64.1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://myphs.phs.co.uk/
Effective URL: https://my.phs.co.uk/login?returnUrl=%2F
Submission: On March 26 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 6 HTTP transactions. The main IP is 20.50.64.1, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is my.phs.co.uk.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on November 5th 2023. Valid for: a year.
This is the only time my.phs.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 6 20.50.64.1 8075 (MICROSOFT...)
2 20.50.64.13 8075 (MICROSOFT...)
6 3
Apex Domain
Subdomains		 Transfer
6 phs.co.uk
myphs.phs.co.uk
my.phs.co.uk
278 KB
2 azurewebsites.net
phs-myphs-cmsapp-production.azurewebsites.net
892 KB
6 2
Domain Requested by
5 my.phs.co.uk 1 redirects my.phs.co.uk
2 phs-myphs-cmsapp-production.azurewebsites.net my.phs.co.uk
1 myphs.phs.co.uk 1 redirects
6 3

This site contains links to these domains. Also see Links.

Domain
www.phs.co.uk
twitter.com
www.linkedin.com
www.youtube.com
www.glassdoor.co.uk
Subject Issuer Validity Valid
my.phs.co.uk
Go Daddy Secure Certificate Authority - G2		 2023-11-05 -
2024-12-06		 a year crt.sh
*.azurewebsites.net
Microsoft Azure RSA TLS Issuing CA 07		 2024-03-13 -
2025-03-08		 a year crt.sh

This page contains 1 frames:

Primary Page: https://my.phs.co.uk/login?returnUrl=%2F
Frame ID: 79C3D1A85F4AF705E618EDACF4436DFF
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. https://myphs.phs.co.uk/ HTTP 301
    https://my.phs.co.uk/ HTTP 302
    https://my.phs.co.uk/login?returnUrl=%2F Page URL

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

1167 kB
Transfer

1787 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://myphs.phs.co.uk/ HTTP 301
    https://my.phs.co.uk/ HTTP 302
    https://my.phs.co.uk/login?returnUrl=%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
my.phs.co.uk/
Redirect Chain
  • https://myphs.phs.co.uk/
  • https://my.phs.co.uk/
  • https://my.phs.co.uk/login?returnUrl=%2F
60 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.phs.co.uk/login?returnUrl=%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.64.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a54e30765a2119ff13b21b20cd7893be9db89d60d5420be62f8fa16286f0af07
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-GB,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Content-Type
text/html; charset=utf-8
Date
Tue, 26 Mar 2024 09:46:23 GMT
Pragma
no-cache
Referrer-Policy
same-origin
Request-Context
appId=cid-v1:e250741f-5d9c-4afb-be53-8742d479e8b5
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Content-Length
0
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Date
Tue, 26 Mar 2024 09:46:23 GMT
Location
https://my.phs.co.uk/login?returnUrl=%2F
Referrer-Policy
same-origin
Request-Context
appId=cid-v1:e250741f-5d9c-4afb-be53-8742d479e8b5
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
styles.css
my.phs.co.uk/ 		129 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.phs.co.uk/styles.css?v=QPrV0LaSpho5xkt4mgTx4bqLIsRERdRaZDRnUEqb6X8
Requested by
Host: my.phs.co.uk
URL: https://my.phs.co.uk/login?returnUrl=%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.64.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
40fad5d0b692a61a39c64b789a04f1e1ba8b22c44445d45a643467504a9be97f
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.phs.co.uk/login?returnUrl=%2F
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 26 Mar 2024 09:46:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:e250741f-5d9c-4afb-be53-8742d479e8b5
Referrer-Policy
same-origin
Last-Modified
Fri, 13 Oct 2023 08:56:06 GMT
Server
Microsoft-IIS/10.0
ETag
"1d9fdb319e9d2d4"
X-Download-Options
noopen
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Accept-Ranges
bytes
index.bundle.js
my.phs.co.uk/ 		707 KB
217 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.phs.co.uk/index.bundle.js?v=92Nuo-_h6iZ_6n7tHHGPb5qTrhn49S7ZVqWh4ukn750
Requested by
Host: my.phs.co.uk
URL: https://my.phs.co.uk/login?returnUrl=%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.64.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
8746d99dff756354c46ed9b2f102f5b67ab24b396af5b2f967acebd47e252efa
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.phs.co.uk/login?returnUrl=%2F
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 26 Mar 2024 09:46:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:e250741f-5d9c-4afb-be53-8742d479e8b5
Referrer-Policy
same-origin
Last-Modified
Thu, 14 Dec 2023 15:28:29 GMT
Server
Microsoft-IIS/10.0
ETag
"1da2ea2304a06c5"
X-Download-Options
noopen
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Accept-Ranges
bytes
truncated
/ 		154 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f050acf5e223238c9c45e14aba925fc0015946f5f0d5fbf5393372746a99f8bb

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
landing-page-1.jpg
phs-myphs-cmsapp-production.azurewebsites.net/media/n34psqei/ 		688 KB
689 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://phs-myphs-cmsapp-production.azurewebsites.net/media/n34psqei/landing-page-1.jpg?rxy=0.3002835235128982,0.45964810857172644&width=2000&height=500&rnd=133470405551900000
Requested by
Host: my.phs.co.uk
URL: https://my.phs.co.uk/login?returnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.64.13 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
bdbb2fc51972814947cd5efa45e6a99bfeb8c481fb21f7e68d0d3a6395254bdc
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://phs-myphs-cmsapp-production.azurewebsites.net;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://phs-myphs-cmsapp-production.azurewebsites.net;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://phsmyphsdevelopment.blob.core.windows.net https://www.gravatar.com https://dashboard.umbraco.org https://umbraco.tv https://dashboard.umbraco.com;media-src 'none';frame-src 'self' https://www.google.com https://phs-myphs-cmsapp-production.azurewebsites.net;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://phs-myphs-cmsapp-production.azurewebsites.net;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 09:46:24 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
no-referrer
last-modified
Tue, 04 Jul 2023 17:23:25 GMT
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://phs-myphs-cmsapp-production.azurewebsites.net;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://phs-myphs-cmsapp-production.azurewebsites.net;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://phsmyphsdevelopment.blob.core.windows.net https://www.gravatar.com https://dashboard.umbraco.org https://umbraco.tv https://dashboard.umbraco.com;media-src 'none';frame-src 'self' https://www.google.com https://phs-myphs-cmsapp-production.azurewebsites.net;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://phs-myphs-cmsapp-production.azurewebsites.net;frame-ancestors 'none';report-uri /security/api/csp/reporturi
etag
"1d9ae9c3d4b2585"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
public, max-age=604800, immutable
accept-ranges
bytes
content-length
704773
x-xss-protection
1; mode=block
request-context
appId=cid-v1:86df239a-a7fd-4add-b96f-3e08a5e90204
landing-page-1.jpg
phs-myphs-cmsapp-production.azurewebsites.net/media/n34psqei/ 		200 KB
203 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://phs-myphs-cmsapp-production.azurewebsites.net/media/n34psqei/landing-page-1.jpg?rxy=0.3002835235128982,0.45964810857172644&width=500&height=500&rnd=133470405551900000
Requested by
Host: my.phs.co.uk
URL: https://my.phs.co.uk/login?returnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.64.13 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b0dc564e8de7724a5f2516c5e86472adf21fd8e249d12d5e647da8c1e7136f46
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://phs-myphs-cmsapp-production.azurewebsites.net;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://phs-myphs-cmsapp-production.azurewebsites.net;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://phsmyphsdevelopment.blob.core.windows.net https://www.gravatar.com https://dashboard.umbraco.org https://umbraco.tv https://dashboard.umbraco.com;media-src 'none';frame-src 'self' https://www.google.com https://phs-myphs-cmsapp-production.azurewebsites.net;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://phs-myphs-cmsapp-production.azurewebsites.net;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 09:46:24 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
no-referrer
last-modified
Tue, 04 Jul 2023 17:23:25 GMT
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://phs-myphs-cmsapp-production.azurewebsites.net;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://phs-myphs-cmsapp-production.azurewebsites.net;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://phsmyphsdevelopment.blob.core.windows.net https://www.gravatar.com https://dashboard.umbraco.org https://umbraco.tv https://dashboard.umbraco.com;media-src 'none';frame-src 'self' https://www.google.com https://phs-myphs-cmsapp-production.azurewebsites.net;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://phs-myphs-cmsapp-production.azurewebsites.net;frame-ancestors 'none';report-uri /security/api/csp/reporturi
etag
"1d9ae9c3d42c54e"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
public, max-age=604800, immutable
accept-ranges
bytes
content-length
205262
x-xss-protection
1; mode=block
request-context
appId=cid-v1:86df239a-a7fd-4add-b96f-3e08a5e90204
favicon-32x32.png
my.phs.co.uk/assets/icons/ 		2 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://my.phs.co.uk/assets/icons/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.64.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
db8952d4a65cf39176df248aef6652b3007938ec8508fc78bacc5ab0aae2d4e0
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.phs.co.uk/login?returnUrl=%2F
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 26 Mar 2024 09:46:25 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Last-Modified
Fri, 13 Oct 2023 08:56:06 GMT
Server
Microsoft-IIS/10.0
Content-Security-Policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
ETag
"1d9fdb319ebd1c3"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
1731
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:e250741f-5d9c-4afb-be53-8742d479e8b5

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal object| userId function| hj object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill

6 Cookies

Domain/Path Name / Value
.myphs.phs.co.uk/ Name: ARRAffinity
Value: 7483eb2d3919b7b23431a483956eeaf768aaccce6ba8dd8bfdfe5446af875043
.myphs.phs.co.uk/ Name: ARRAffinitySameSite
Value: 7483eb2d3919b7b23431a483956eeaf768aaccce6ba8dd8bfdfe5446af875043
.my.phs.co.uk/ Name: ARRAffinity
Value: 7483eb2d3919b7b23431a483956eeaf768aaccce6ba8dd8bfdfe5446af875043
.my.phs.co.uk/ Name: ARRAffinitySameSite
Value: 7483eb2d3919b7b23431a483956eeaf768aaccce6ba8dd8bfdfe5446af875043
my.phs.co.uk/ Name: MyPhsAF
Value: CfDJ8DYvREjPJ31ElcPa6tBXlBTFaVo0r66z3AO-mRngvTFlYm8tVczWvjB_y1EU76O_tgKEU4aczf4YUax5sYwb9szxdUfal-iOgslHJlQMRI3Gq_ankCNnpxXaUdA2T05-ozOvUtG-4Ifw5xyG8Ggy-Hs
.phs-myphs-cmsapp-production.azurewebsites.net/ Name: ARRAffinitySameSite
Value: 27310f6842b9e2a737bf8f7a96ffeb59b966d2651da7e4aabc70a1572e1d1718

2 Console Messages

Source Level URL
Text
other warning URL: https://my.phs.co.uk/login?returnUrl=%2F
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.phs.co.uk/login?returnUrl=%2F
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securetoken.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://code.jquery.com https://az416426.vo.msecnd.net https://myphs.phs.co.uk https://www.phs.co.uk https://static.hotjar.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://myphs.phs.co.uk https://www.phs.co.uk;img-src 'self' data: https://www.google.com https://www.google.co.uk https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net https://p.typekit.net https://phs-myphs-cmsapp-production.azurewebsites.net https://storagemyphsproduction.blob.core.windows.net https://myphs.phs.co.uk https://www.phs.co.uk https://phscorporateproduction.blob.core.windows.net https://script.hotjar.com;media-src 'none';frame-src 'self' https://www.google.com https://vars.hotjar.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com;connect-src 'self' https://securetoken.googleapis.com https://www.googleapis.com https://performance.typekit.net https://cloud.hopewiser.com https://dc.services.visualstudio.com/v2/track *.in.applicationinsights.azure.com https://www.payphs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://region1.analytics.google.com;frame-ancestors 'none';report-uri /security/api/csp/reporturi
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block