URL: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Submission: On April 28 via manual from IN — Scanned from GB

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 46.17.90.198, located in United Kingdom and belongs to CWCS-PS CompuWeb Communications Services Ltd, GB. The main domain is www.boots-uk.com. The Cisco Umbrella rank of the primary domain is 717014.
This is the only time www.boots-uk.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 14 46.17.90.198 15510 (CWCS-PS C...)
2 2a03:2880:f08... 32934 (FACEBOOK)
11 3
Apex Domain
Subdomains
Transfer
14 boots-uk.com
www.boots-uk.com — Cisco Umbrella Rank: 717014
164 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 189
89 KB
0 googletagmanager.com Failed
www.googletagmanager.com Failed
11 3
Domain Requested by
14 www.boots-uk.com 6 redirects www.boots-uk.com
2 connect.facebook.net www.boots-uk.com
connect.facebook.net
0 www.googletagmanager.com Failed www.boots-uk.com
11 3
Subject Issuer Validity Valid
www.boots-uk.com
Sectigo RSA Domain Validation Secure Server CA
2022-11-08 -
2023-11-08
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-02-04 -
2023-05-05
3 months crt.sh

This page contains 1 frames:

Primary Page: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Frame ID: 87FF9B85E4266B2EE3D9B001EDEE9A2A
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Boots UK - 404

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

18 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

247 kB
Transfer

710 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.boots-uk.com/css/default.css HTTP 301
  • https://www.boots-uk.com/css/default.css
Request Chain 1
  • http://www.boots-uk.com/css/fonts/fonts.css HTTP 301
  • https://www.boots-uk.com/css/fonts/fonts.css
Request Chain 2
  • http://www.boots-uk.com/bundles/jquery?v=fk_F6Qt3r-gbLvti3NKJtDRocNtFlm7WpDj8daOpRzs1 HTTP 301
  • https://www.boots-uk.com/bundles/jquery?v=fk_F6Qt3r-gbLvti3NKJtDRocNtFlm7WpDj8daOpRzs1
Request Chain 3
  • http://www.boots-uk.com/bundles/jqueryui?v=Ymzm0aK2YLdxoM4xdPfrvsTFs4Bm24oRa-Yh4PCHd3Y1 HTTP 301
  • https://www.boots-uk.com/bundles/jqueryui?v=Ymzm0aK2YLdxoM4xdPfrvsTFs4Bm24oRa-Yh4PCHd3Y1
Request Chain 4
  • http://www.boots-uk.com/bundles/jquery.unobstrusive-ajax?v=Xuam6TWPhcGt1QT7p5fexG3T-XZA9hjh88zJ89jkDQQ1 HTTP 301
  • https://www.boots-uk.com/bundles/jquery.unobstrusive-ajax?v=Xuam6TWPhcGt1QT7p5fexG3T-XZA9hjh88zJ89jkDQQ1
Request Chain 5
  • http://www.boots-uk.com/bundles/site?v=C5UfMKy8g4M_VhRyJVPOdAG3dYTLDs-jhJ7B-SoOhZo1 HTTP 301
  • https://www.boots-uk.com/bundles/site?v=C5UfMKy8g4M_VhRyJVPOdAG3dYTLDs-jhJ7B-SoOhZo1
Request Chain 7
  • http://connect.facebook.net/en_GB/sdk.js HTTP 307
  • https://connect.facebook.net/en_GB/sdk.js

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request erectile-dysfunction
www.boots-uk.com/,%20https://onlinedoctor.boots.com/
9 KB
4 KB
Document
General
Full URL
http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Protocol
HTTP/1.1
Server
46.17.90.198 , United Kingdom, ASN15510 (CWCS-PS CompuWeb Communications Services Ltd, GB),
Reverse DNS
Software
/
Resource Hash
e0ff6f5b794593d54b4915ac0a2945d20c4710cbe5c28ed312ed0f40c9cf0238
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=604800
Content-Encoding
gzip
Content-Length
2858
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Content-Type
text/html
Date
Fri, 28 Apr 2023 04:42:18 GMT
ETag
"01d5e3eaf25d91:0"
Last-Modified
Wed, 11 Jan 2023 11:24:18 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
default.css
www.boots-uk.com/css/
Redirect Chain
  • http://www.boots-uk.com/css/default.css
  • https://www.boots-uk.com/css/default.css
26 KB
7 KB
Stylesheet
General
Full URL
https://www.boots-uk.com/css/default.css
Requested by
Host: www.boots-uk.com
URL: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Protocol
HTTP/1.1
Server
46.17.90.198 , United Kingdom, ASN15510 (CWCS-PS CompuWeb Communications Services Ltd, GB),
Reverse DNS
Software
/
Resource Hash
a2f558a7c19a05a8fe57edc84d60264d436437c0f8098c7bb56cbe39775d7ad2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.boots-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Content-Encoding
gzip
Date
Fri, 28 Apr 2023 04:42:18 GMT
Last-Modified
Wed, 11 Jan 2023 11:24:18 GMT
ETag
"01d5e3eaf25d91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Length
5607

Redirect headers

Location
https://www.boots-uk.com/css/default.css
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Date
Fri, 28 Apr 2023 04:42:18 GMT
Server
Microsoft-IIS/8.0
Content-Length
163
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
fonts.css
www.boots-uk.com/css/fonts/
Redirect Chain
  • http://www.boots-uk.com/css/fonts/fonts.css
  • https://www.boots-uk.com/css/fonts/fonts.css
777 B
2 KB
Stylesheet
General
Full URL
https://www.boots-uk.com/css/fonts/fonts.css
Requested by
Host: www.boots-uk.com
URL: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Protocol
HTTP/1.1
Server
46.17.90.198 , United Kingdom, ASN15510 (CWCS-PS CompuWeb Communications Services Ltd, GB),
Reverse DNS
Software
/
Resource Hash
006eb9398012d9a55ffb955c93818b61169863acf834edb49849d43cc5bd6e88
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.boots-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Content-Encoding
gzip
Date
Fri, 28 Apr 2023 04:42:18 GMT
Last-Modified
Wed, 11 Jan 2023 11:24:18 GMT
ETag
"01d5e3eaf25d91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Length
643

Redirect headers

Location
https://www.boots-uk.com/css/fonts/fonts.css
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Date
Fri, 28 Apr 2023 04:42:18 GMT
Server
Microsoft-IIS/8.0
Content-Length
167
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
jquery
www.boots-uk.com/bundles/
Redirect Chain
  • http://www.boots-uk.com/bundles/jquery?v=fk_F6Qt3r-gbLvti3NKJtDRocNtFlm7WpDj8daOpRzs1
  • https://www.boots-uk.com/bundles/jquery?v=fk_F6Qt3r-gbLvti3NKJtDRocNtFlm7WpDj8daOpRzs1
87 KB
41 KB
Script
General
Full URL
https://www.boots-uk.com/bundles/jquery?v=fk_F6Qt3r-gbLvti3NKJtDRocNtFlm7WpDj8daOpRzs1
Requested by
Host: www.boots-uk.com
URL: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Protocol
HTTP/1.1
Server
46.17.90.198 , United Kingdom, ASN15510 (CWCS-PS CompuWeb Communications Services Ltd, GB),
Reverse DNS
Software
/
Resource Hash
4da12458b1891cf9dd95758aed6f681fdd8f102daf54c03c49f07e3dde274fe2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.boots-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Content-Encoding
gzip
Date
Fri, 28 Apr 2023 04:42:18 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Content-Length
40503
Expires
-1

Redirect headers

Location
https://www.boots-uk.com/bundles/jquery?v=fk_F6Qt3r-gbLvti3NKJtDRocNtFlm7WpDj8daOpRzs1
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Date
Fri, 28 Apr 2023 04:42:18 GMT
Server
Microsoft-IIS/8.0
Content-Length
209
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
jqueryui
www.boots-uk.com/bundles/
Redirect Chain
  • http://www.boots-uk.com/bundles/jqueryui?v=Ymzm0aK2YLdxoM4xdPfrvsTFs4Bm24oRa-Yh4PCHd3Y1
  • https://www.boots-uk.com/bundles/jqueryui?v=Ymzm0aK2YLdxoM4xdPfrvsTFs4Bm24oRa-Yh4PCHd3Y1
248 KB
91 KB
Script
General
Full URL
https://www.boots-uk.com/bundles/jqueryui?v=Ymzm0aK2YLdxoM4xdPfrvsTFs4Bm24oRa-Yh4PCHd3Y1
Requested by
Host: www.boots-uk.com
URL: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Protocol
HTTP/1.1
Server
46.17.90.198 , United Kingdom, ASN15510 (CWCS-PS CompuWeb Communications Services Ltd, GB),
Reverse DNS
Software
/
Resource Hash
2aa29a48c2c44c201979079210bc6bd559dee58f07893d9ca6ed6bd9ffd2ba7f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.boots-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Content-Encoding
gzip
Date
Fri, 28 Apr 2023 04:42:18 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=utf-8
Vary
Accept-Encoding
Cache-Control
no-cache
Expires
-1

Redirect headers

Location
https://www.boots-uk.com/bundles/jqueryui?v=Ymzm0aK2YLdxoM4xdPfrvsTFs4Bm24oRa-Yh4PCHd3Y1
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Date
Fri, 28 Apr 2023 04:42:18 GMT
Server
Microsoft-IIS/8.0
Content-Length
211
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
jquery.unobstrusive-ajax
www.boots-uk.com/bundles/
Redirect Chain
  • http://www.boots-uk.com/bundles/jquery.unobstrusive-ajax?v=Xuam6TWPhcGt1QT7p5fexG3T-XZA9hjh88zJ89jkDQQ1
  • https://www.boots-uk.com/bundles/jquery.unobstrusive-ajax?v=Xuam6TWPhcGt1QT7p5fexG3T-XZA9hjh88zJ89jkDQQ1
3 KB
3 KB
Script
General
Full URL
https://www.boots-uk.com/bundles/jquery.unobstrusive-ajax?v=Xuam6TWPhcGt1QT7p5fexG3T-XZA9hjh88zJ89jkDQQ1
Requested by
Host: www.boots-uk.com
URL: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Protocol
HTTP/1.1
Server
46.17.90.198 , United Kingdom, ASN15510 (CWCS-PS CompuWeb Communications Services Ltd, GB),
Reverse DNS
Software
/
Resource Hash
c38b8ed7dbb34d765effeef37cc2c4e22f54cfa34a5fa09e58ac3fdaaa0d8bf7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.boots-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Content-Encoding
gzip
Date
Fri, 28 Apr 2023 04:42:18 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Content-Length
1603
Expires
-1

Redirect headers

Location
https://www.boots-uk.com/bundles/jquery.unobstrusive-ajax?v=Xuam6TWPhcGt1QT7p5fexG3T-XZA9hjh88zJ89jkDQQ1
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Date
Fri, 28 Apr 2023 04:42:18 GMT
Server
Microsoft-IIS/8.0
Content-Length
227
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
site
www.boots-uk.com/bundles/
Redirect Chain
  • http://www.boots-uk.com/bundles/site?v=C5UfMKy8g4M_VhRyJVPOdAG3dYTLDs-jhJ7B-SoOhZo1
  • https://www.boots-uk.com/bundles/site?v=C5UfMKy8g4M_VhRyJVPOdAG3dYTLDs-jhJ7B-SoOhZo1
25 KB
11 KB
Script
General
Full URL
https://www.boots-uk.com/bundles/site?v=C5UfMKy8g4M_VhRyJVPOdAG3dYTLDs-jhJ7B-SoOhZo1
Requested by
Host: www.boots-uk.com
URL: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Protocol
HTTP/1.1
Server
46.17.90.198 , United Kingdom, ASN15510 (CWCS-PS CompuWeb Communications Services Ltd, GB),
Reverse DNS
Software
/
Resource Hash
2c3dc4888b7e012c9aec8b43365ee37bbf208ee1c94b348ce5129eb85773443d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.boots-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Content-Encoding
gzip
Date
Fri, 28 Apr 2023 04:42:18 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Content-Length
9761
Expires
-1

Redirect headers

Location
https://www.boots-uk.com/bundles/site?v=C5UfMKy8g4M_VhRyJVPOdAG3dYTLDs-jhJ7B-SoOhZo1
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Date
Fri, 28 Apr 2023 04:42:18 GMT
Server
Microsoft-IIS/8.0
Content-Length
207
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
gtm.js
www.googletagmanager.com/
0
0

sdk.js
connect.facebook.net/en_GB/
Redirect Chain
  • http://connect.facebook.net/en_GB/sdk.js
  • https://connect.facebook.net/en_GB/sdk.js
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/sdk.js
Requested by
Host: www.boots-uk.com
URL: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction
Protocol
H2
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c84873ed0f11ca3ef99e9f8051e834480c7c78cd7a5c9248265c9fafa6886467
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://www.boots-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 28 Apr 2023 04:42:12 GMT
content-md5
jb4eNioiTcT+9vijA76kXQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1686
x-fb-rlafr
0
x-fb-debug
PwVWKhp+nf3X0Go6M0DbuYo0bCPVZ87e3DWzm9QKjyobkwHc/Q7jRbVwuQPzyaJ0I4yYHktTLbdD75G40IsRLA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1679558926
x-fb-content-md5
ca66e17308d5204778d8cbb811df1e4f
cross-origin-opener-policy
same-origin-allow-popups
etag
"ec786cd0c36d354c2664c5c6b70ede27"
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
x-frame-options
DENY
timing-allow-origin
*
expires
Fri, 28 Apr 2023 04:55:21 GMT

Redirect headers

Location
https://connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.4
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
search.png
www.boots-uk.com/css/images/
960 B
2 KB
Image
General
Full URL
https://www.boots-uk.com/css/images/search.png
Requested by
Host: www.boots-uk.com
URL: https://www.boots-uk.com/css/default.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
46.17.90.198 , United Kingdom, ASN15510 (CWCS-PS CompuWeb Communications Services Ltd, GB),
Reverse DNS
Software
/
Resource Hash
8d5542ac82ab18562de457430d8e6f9f3947e26b78b257eb2f19d29de1762d47
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.boots-uk.com/css/default.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
Date
Fri, 28 Apr 2023 04:42:18 GMT
Last-Modified
Wed, 11 Jan 2023 11:24:18 GMT
ETag
"01d5e3eaf25d91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Length
960
sdk.js
connect.facebook.net/en_GB/
306 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/sdk.js?hash=456fee74b798dbf32b16d8c1ac64fbd2
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/en_GB/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e7447cd2c5e80b749c3afb289376a313b1300fdb159891c41e30a62a9b0c43bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://www.boots-uk.com/
Origin
http://www.boots-uk.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 28 Apr 2023 04:42:13 GMT
content-md5
fUP2lQqcGd/X9X12xK4H+Q==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
88626
x-fb-rlafr
0
x-fb-debug
WZEAZxnTf7IXirm4QWxouw2Tephhj7NUpIV239rM2ODLJDt0683D2LE1KB+6NYJcnsaV17ZU4KMSFq7H9C+30A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
383516563813a21c332229310569f68b
cross-origin-opener-policy
same-origin-allow-popups
etag
"2ea727b3afbf7080f0aa8b84e7633992"
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Sat, 27 Apr 2024 04:25:45 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtm.js?id=GTM-5LTWRKF

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery object| dataLayer object| bootsUK object| slideshow function| initCustomColors function| loadingOn function| loadingOff object| FB object| __buffer

0 Cookies

1 Console Messages

Source Level URL
Text
security error URL: http://www.boots-uk.com/,%20https://onlinedoctor.boots.com/erectile-dysfunction(Line 34)
Message:
Refused to load the script 'https://www.googletagmanager.com/gtm.js?id=GTM-5LTWRKF' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com
X-Frame-Options SAMEORIGIN