urlscan.io logo urlscan.io
SecurityTrails logo

shopping.mileageplus.com Open in urlscan Pro
52.203.10.166  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://click.mileageplusshoppingnews.com/?qs=23786bbcc2130572346b53f858cf647678c98ecf4ccd5abc1e379f2d94487bbfcefa838365645913b669479c2c2d...
Effective URL: https://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source...
Submission: On April 04 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 13 HTTP transactions. The main IP is 52.203.10.166, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is shopping.mileageplus.com. The Cisco Umbrella rank of the primary domain is 195442.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 24th 2022. Valid for: a year.
This is the only time shopping.mileageplus.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 66.231.91.47 22606 (EXACT-7)
1 2 52.203.10.166 14618 (AMAZON-AES)
12 2a04:4e42:600... 54113 (FASTLY)
13 2
Apex Domain
Subdomains		 Transfer
12 fastly.net
cartera-cdn.freetls.fastly.net — Cisco Umbrella Rank: 129653
324 KB
2 mileageplus.com
shopping.mileageplus.com — Cisco Umbrella Rank: 195442
2 KB
1 mileageplusshoppingnews.com
click.mileageplusshoppingnews.com — Cisco Umbrella Rank: 721049
417 B
13 3
Domain Requested by
12 cartera-cdn.freetls.fastly.net shopping.mileageplus.com
cartera-cdn.freetls.fastly.net
2 shopping.mileageplus.com 1 redirects
1 click.mileageplusshoppingnews.com 1 redirects
13 3

This site contains no links.

Subject Issuer Validity Valid
shopping.mileageplus.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-24 -
2023-02-24		 a year crt.sh
*.freetls.fastly.net
GlobalSign Atlas R3 DV TLS CA 2020		 2021-04-27 -
2022-05-29		 a year crt.sh

This page contains 1 frames:

Primary Page: https://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source=mn&utm_medium=em&utm_campaign=DripT1&utm_content=email&chan=mn&seg=NA&med=em&strm=ACQ&cam=DripT1&cont=email&end=1
Frame ID: D65E86BA04372804B1C68E0277A492CF
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

European Economic Area - Shop Online at United MileagePlus Shopping

Page URL History Show full URLs

  1. http://click.mileageplusshoppingnews.com/?qs=23786bbcc2130572346b53f858cf647678c98ecf4ccd5abc1e379f2d94487bbfcefa8383... HTTP 302
    http://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email... HTTP 301
    https://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • require.*\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

326 kB
Transfer

1686 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://click.mileageplusshoppingnews.com/?qs=23786bbcc2130572346b53f858cf647678c98ecf4ccd5abc1e379f2d94487bbfcefa838365645913b669479c2c2d63496e78a0c60eb0556f6e425aebf634f691 HTTP 302
    http://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source=mn&utm_medium=em&utm_campaign=DripT1&utm_content=email&chan=mn&seg=NA&med=em&strm=ACQ&cam=DripT1&cont=email&end=1 HTTP 301
    https://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source=mn&utm_medium=em&utm_campaign=DripT1&utm_content=email&chan=mn&seg=NA&med=em&strm=ACQ&cam=DripT1&cont=email&end=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request me____.htm
shopping.mileageplus.com/
Redirect Chain
  • http://click.mileageplusshoppingnews.com/?qs=23786bbcc2130572346b53f858cf647678c98ecf4ccd5abc1e379f2d94487bbfcefa838365645913b669479c2c2d63496e78a0c60eb0556f6e425aebf634f691
  • http://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source=mn&utm_medium=em&utm_campaign=DripT1&utm_content=email&chan=mn&seg=N...
  • https://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source=mn&utm_medium=em&utm_campaign=DripT1&utm_content=email&chan=mn&seg=...
3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source=mn&utm_medium=em&utm_campaign=DripT1&utm_content=email&chan=mn&seg=NA&med=em&strm=ACQ&cam=DripT1&cont=email&end=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.10.166 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-10-166.compute-1.amazonaws.com
Software
Apache /
Resource Hash
6c20355b48fb1ac941ea405ac504cf89132ff77896b386ddbd8aa7bf61b5dd7e
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control
private no-cache
content-encoding
gzip
content-length
1093
content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-type
text/html; charset=iso-8859-1
date
Mon, 04 Apr 2022 15:12:03 GMT
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
134
Content-Type
text/html
Date
Mon, 04 Apr 2022 15:12:02 GMT
Location
https://shopping.mileageplus.com:443/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source=mn&utm_medium=em&utm_campaign=DripT1&utm_content=email&chan=mn&seg=NA&med=em&strm=ACQ&cam=DripT1&cont=email&end=1
Server
awselb/2.0
main.css
cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/ 		1 MB
123 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/main.css
Requested by
Host: shopping.mileageplus.com
URL: https://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source=mn&utm_medium=em&utm_campaign=DripT1&utm_content=email&chan=mn&seg=NA&med=em&strm=ACQ&cam=DripT1&cont=email&end=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
86a11b7f1efd020ac13061c5cfd5a16ad3d4000fa5692b516aa17ae3c3b8e9eb
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shopping.mileageplus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
448582
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
125680
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:54:59 GMT
server
Apache
x-timer
S1649085123.422059,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
text/css
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 10:35:41 GMT
require.js
cartera-cdn.freetls.fastly.net/images/core/js/libs/ 		81 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/core/js/libs/require.js
Requested by
Host: shopping.mileageplus.com
URL: https://shopping.mileageplus.com/me____.htm?gmid=1589&mbid=UANOCRD&source=mn|UA|ALL|mn|NA|em|ACQ|DripT1|email|20210407&utm_source=mn&utm_medium=em&utm_campaign=DripT1&utm_content=email&chan=mn&seg=NA&med=em&strm=ACQ&cam=DripT1&cont=email&end=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
7a10cbce6ec24bc6769d7a8de5f99620c1635dbead60712225404dde13d424f9
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shopping.mileageplus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447012
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
20489
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:55:01 GMT
server
Apache
x-timer
S1649085123.422166,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 11:01:51 GMT
logo.svg
cartera-cdn.freetls.fastly.net/images/orgs/united/imgs/ 		31 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cartera-cdn.freetls.fastly.net/images/orgs/united/imgs/logo.svg
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/main.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
289edead40d89ceb25b9d27fc84732d6e3ecc2085660b0d5e1eb9b30eb9b5d75
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447597
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
12102
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:54:59 GMT
server
Apache
x-timer
S1649085124.505606,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 10:52:06 GMT
GDPR-Flags.svg
cartera-cdn.freetls.fastly.net/images/core/imgs/ 		146 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cartera-cdn.freetls.fastly.net/images/core/imgs/GDPR-Flags.svg
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/main.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
422eb7dbc349a13c6f342b18772be571d72d8e4e94eb6d54d1e83914f782a031
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447012
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
46559
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:55:01 GMT
server
Apache
x-timer
S1649085124.505529,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 11:01:51 GMT
OpenSans-Semibold-webfont.woff
cartera-cdn.freetls.fastly.net/images/core/fonts/OpenSans/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/core/fonts/OpenSans/OpenSans-Semibold-webfont.woff
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/main.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
fa397147e99a847c9d22d751a54028e0294da9a4a9161f9b2073cf7025a5ebdc
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/main.css
Origin
https://shopping.mileageplus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447597
via
1.1 varnish
x-cache
HIT
access-control-max-age
86400
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
20509
x-xss-protection
1; mode=block
x-served-by
cache-hhn4075-HHN
last-modified
Mon, 21 Mar 2022 20:55:01 GMT
server
Apache
x-timer
S1649085124.544741,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Fri, 29 Apr 2022 10:52:06 GMT
OpenSans-Regular-webfont.woff
cartera-cdn.freetls.fastly.net/images/orgs/united/fonts/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/orgs/united/fonts/OpenSans-Regular-webfont.woff
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/main.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cartera-cdn.freetls.fastly.net/images/orgs/united/a30fe/main.css
Origin
https://shopping.mileageplus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447597
via
1.1 varnish
x-cache
HIT
access-control-max-age
86400
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
22558
x-xss-protection
1; mode=block
x-served-by
cache-hhn4075-HHN
last-modified
Mon, 21 Mar 2022 20:54:59 GMT
server
Apache
x-timer
S1649085124.544860,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Fri, 29 Apr 2022 10:52:06 GMT
gdprSelfSelect.js
cartera-cdn.freetls.fastly.net/images/core/js/utils/ 		2 KB
726 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/core/js/utils/gdprSelfSelect.js
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/core/js/libs/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
9ef45ef387384c06ac7ecff45ce89cb555ffa97dce8c640bc08f4d88b35d5101
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shopping.mileageplus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447012
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
662
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:55:01 GMT
server
Apache
x-timer
S1649085124.550275,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 11:01:51 GMT
base.js
cartera-cdn.freetls.fastly.net/images/core/js/require-config/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/core/js/require-config/base.js
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/core/js/libs/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
72a1aa8d3cfe4d97ebc51d008962dba7510e1d21e150561b429a2247ceb9ce6a
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shopping.mileageplus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447012
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1015
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:55:01 GMT
server
Apache
x-timer
S1649085124.574566,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 11:01:51 GMT
jquery-2.1.4.js
cartera-cdn.freetls.fastly.net/images/core/js/libs/ 		245 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/core/js/libs/jquery-2.1.4.js
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/core/js/libs/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
86709d394e98e842b99d0cbf5c35e7b17ec280386e5796e821eeebce4f7672a6
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shopping.mileageplus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447011
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
74632
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:55:01 GMT
server
Apache
x-timer
S1649085124.600832,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 11:01:52 GMT
sha256.min.js
cartera-cdn.freetls.fastly.net/images/core/js/libs/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/core/js/libs/sha256.min.js
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/core/js/libs/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shopping.mileageplus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447011
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
3593
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:55:01 GMT
server
Apache
x-timer
S1649085124.600902,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 11:01:52 GMT
jquery.cookie.js
cartera-cdn.freetls.fastly.net/images/core/js/plugins/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/core/js/plugins/jquery.cookie.js
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/core/js/libs/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
4e8a64a75099e9b709b72bdd614d14bf25b45b5061b5493f8ad083a5a2051113
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shopping.mileageplus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447011
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
897
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:55:01 GMT
server
Apache
x-timer
S1649085124.601245,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 11:01:52 GMT
cookieHelper.js
cartera-cdn.freetls.fastly.net/images/core/js/utils/ 		422 B
340 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cartera-cdn.freetls.fastly.net/images/core/js/utils/cookieHelper.js
Requested by
Host: cartera-cdn.freetls.fastly.net
URL: https://cartera-cdn.freetls.fastly.net/images/core/js/libs/require.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
8d39d769ec3a94b982711afbce265c05e3566a569a01615a21a0542c3bc59d30
Security Headers
Name Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shopping.mileageplus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
content-encoding
gzip
age
447011
x-cache
HIT
x-cache-hits
1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
217
x-xss-protection
1; mode=block
x-served-by
cache-hhn4059-HHN
last-modified
Mon, 21 Mar 2022 20:55:01 GMT
server
Apache
x-timer
S1649085124.601345,VS0,VE1
date
Mon, 04 Apr 2022 15:12:03 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 29 Apr 2022 11:01:52 GMT

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| mn function| requirejs function| require function| define function| sha256 function| sha224 function| $ function| jQuery

3 Cookies

Domain/Path Name / Value
shopping.mileageplus.com/ Name: Apache
Value: 6404d785.5dbd58cfa5294
.mileageplus.com/ Name: mbid
Value: UANOCRD
.mileageplus.com/ Name: source
Value: mn%7CUA%7CALL%7Cmn%7CNA%7Cem%7CACQ%7CDripT1%7Cemail%7C20210407

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block