proxy.qa.internal.sso.cambridge.org Open in urlscan Pro
108.138.7.17 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/
Effective URL:
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPM...
Submission: On July 01 via automatic, source certstream-suspicious (July 1st 2023, 12:20:50 am UTC) — Scanned from DE

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 26 HTTP transactions. The main IP is 108.138.7.17, located in United States and belongs to AMAZON-02, US. The main domain is proxy.qa.internal.sso.cambridge.org.
TLS certificate: Issued by Amazon RSA 2048 M02 on May 28th 2023. Valid for: a year.

This is the only time proxy.qa.internal.sso.cambridge.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	99.86.4.67 99.86.4.67	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
2	13.42.157.192 13.42.157.192	16509 (AMAZON-02) (AMAZON-02)
1 2	13.32.121.19 13.32.121.19	16509 (AMAZON-02) (AMAZON-02)
5	108.138.7.17 108.138.7.17	16509 (AMAZON-02) (AMAZON-02)
2	107.23.218.60 107.23.218.60	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
2	23.32.184.244 23.32.184.244	() ()
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
26	9

9 99.86.4.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-67.fra6.r.cloudfront.net

dev-2.internal.submitforassessment.cambridgeassessment.org.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.42.157.192 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-42-157-192.eu-west-2.compute.amazonaws.com

unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.19 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-19.fra60.r.cloudfront.net

openid.qa.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.138.7.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-17.fra56.r.cloudfront.net

proxy.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.23.218.60 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: lb-d.us1.gigya.com

accounts.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.184.244 (None, )

ASN- ()

cdns.eu1.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	cambridgeassessment.org.uk dev-2.internal.submitforassessment.cambridgeassessment.org.uk unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	1016 KB
7	cambridge.org 1 redirects openid.qa.sso.cambridge.org proxy.qa.internal.sso.cambridge.org	10 KB
4	gigya.com accounts.gigya.com cdns.eu1.gigya.com	174 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	123 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	2 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1623	268 B
26	6

	Domain	Requested by
9	dev-2.internal.submitforassessment.cambridgeassessment.org.uk	dev-2.internal.submitforassessment.cambridgeassessment.org.uk
5	proxy.qa.internal.sso.cambridge.org	dev-2.internal.submitforassessment.cambridgeassessment.org.uk proxy.qa.internal.sso.cambridge.org
2	cdns.eu1.gigya.com	accounts.gigya.com
2	www.googletagmanager.com	proxy.qa.internal.sso.cambridge.org www.googletagmanager.com
2	accounts.gigya.com	proxy.qa.internal.sso.cambridge.org
2	openid.qa.sso.cambridge.org	1 redirects dev-2.internal.submitforassessment.cambridgeassessment.org.uk
2	unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	dev-2.internal.submitforassessment.cambridgeassessment.org.uk
2	fonts.googleapis.com	dev-2.internal.submitforassessment.cambridgeassessment.org.uk proxy.qa.internal.sso.cambridge.org
1	region1.google-analytics.com	www.googletagmanager.com
26	9

This site contains no links.

Subject Issuer	Validity	Valid
dev-2.internal.submitforassessment.cambridgeassessment.org.uk Amazon RSA 2048 M01	`2023-02-23` - `2023-08-29`	6 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
dev.internal.submitforassessment.cambridgeassessment.org.uk Amazon RSA 2048 M02	`2023-06-27` - `2024-07-25`	a year	crt.sh
openid.qa.internal.sso.cambridge.org Amazon RSA 2048 M02	`2023-03-15` - `2024-04-12`	a year	crt.sh
qa.internal.sso.cambridge.org Amazon RSA 2048 M02	`2023-05-28` - `2024-06-25`	a year	crt.sh
*.us1.gigya.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-18` - `2024-05-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
cdns.gigya.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-07` - `2023-12-07`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
Frame ID: 094E8BCF96677AEC1B9B88BC6049254D
Requests: 24 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Frame ID: 04AC95B69499A3344F3CAB5E19369D16
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cambridge Login

Page URL History Show full URLs

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/ Page URL
https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BR... HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447... Page URL

Detected technologies

SAP Customer Data Cloud Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

\.gigya\.com/JS/gigya\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

26
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

1324 kB
Transfer

5617 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/ Page URL
https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fdev-2.internal.submitforassessment.cambridgeassessment.org.uk%2Fcallback&response_type=code&scope=openid%20profile%20email%20roles%20orgs%20systemIDs%20claims%20businessStream&state=6c8df1b5f0ad49cd87b642955095dd7c&code_challenge=Tcn-Lkw4AsB0hw-gDQMUsCH227qEGxjoH89euajB3L8&code_challenge_method=S256&response_mode=query HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
dev-2.internal.submitforassessment.cambridgeassessment.org.uk/ 4 KB
3 KB 172ms
43ms Document
text/html 99.86.4.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-67.fra6.r.cloudfront.net

Software

CloudFront /

Resource Hash

f71b3e03a103941befa394245856469ce2f5eef3e9a05509ef6265b0bf4439aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 58242
content-encoding: gzip
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
content-type: text/html
date: Fri, 30 Jun 2023 08:10:04 GMT
etag: W/"673c0bec1c7dbcbdf91fb2d149445b39"
expect-ct: max-age=86400, enforce
last-modified: Fri, 30 Jun 2023 08:08:50 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-id: C1S-i84Tw_5wzk6BcXnAzsHvMn_fat8P4vAJibGednL8XJRPOo3dgA==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 190ms
67ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:20:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 22:51:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:20:45 GMT

GET
H2 200 4.99df9bc1.chunk.js Show response
dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 599 KB
156 KB 48ms
48ms Script
application/javascript 99.86.4.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/4.99df9bc1.chunk.js

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-67.fra6.r.cloudfront.net

Software

CloudFront /

Resource Hash

d4fee6ceac0b6ecf77c5b5b2686f4894806e7802784c268177ad672970d5b274

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:10:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 58241
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 30 Jun 2023 08:08:52 GMT
server: CloudFront
etag: W/"86fd1f39aeee74901a9cd0e143ee2eea"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: -q4GKTAzlHzHihH6Su0xYiaVeLwo5zX5jSXs0XfkUU5Xy0GPdTCHDg==

GET
H2 200 main.416391d8.chunk.js Show response
dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 14 KB
4 KB 215ms
214ms Script
application/javascript 99.86.4.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/main.416391d8.chunk.js

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-67.fra6.r.cloudfront.net

Software

CloudFront /

Resource Hash

7d6dd10a11406e30de344c9f16e9a67aecf1ee98199ba738fec69021af4ea860

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 30 Jun 2023 08:08:53 GMT
server: CloudFront
etag: W/"067cd913f68ea9fe36afd28e6529fceb"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: ewugThnlwTGz8hU_gIJOTe38XOLHKqbSqFV2CM0Xeo8WVKQrPP7_7Q==

GET
H2 200 application.env Show response
dev-2.internal.submitforassessment.cambridgeassessment.org.uk/ 586 B
1 KB 281ms
281ms Fetch
application/octet-stream 99.86.4.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/application.env

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/4.99df9bc1.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-67.fra6.r.cloudfront.net

Software

CloudFront /

Resource Hash

ea0024c633161546ffee8cb889e11ac53a8dac82eb11a151567c4f7b96e98954

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 586
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 30 Jun 2023 08:08:50 GMT
server: CloudFront
etag: "09622211e9982bd90207395c1b0f1f58"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/octet-stream
accept-ranges: bytes
x-amz-cf-id: BsBXPGdWNZJSFKJ_oMBBMRs7bEBspSV-Q9kpSiWoivVR3-hfb4yipQ==

GET
H2 200 2.f12a0b49.chunk.css
dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/css/ 932 B
2 KB 35ms
34ms Stylesheet
text/css 99.86.4.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/css/2.f12a0b49.chunk.css

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-67.fra6.r.cloudfront.net

Software

CloudFront /

Resource Hash

8be99f889daaf99df0ce16ced09e770cc065ab4afc4e01ba3368899526aa1504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:10:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 58242
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
content-length: 932
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 30 Jun 2023 08:08:51 GMT
server: CloudFront
etag: "5961e94c49a73169c79049e31ec36388"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: jq1N5TfC4BlcjhXhMTahNMkRoQg-GG8w-dT54OOW1yqx0HcOS_Htgw==

GET
H2 200 2.0955e429.chunk.js Show response
dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 4 MB
746 KB 39ms
37ms Script
application/javascript 99.86.4.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.0955e429.chunk.js

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-67.fra6.r.cloudfront.net

Software

CloudFront /

Resource Hash

1f565149e781847ed5ac65cd034542cbd320faad6780d5c875d073ce1ffa4e18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:10:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 58242
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 30 Jun 2023 08:08:51 GMT
server: CloudFront
etag: W/"8e3f0ba191ddcccdd97f833906bdacb8"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: JfwzavRRsSL99CARoUaO9u0xIs61-Wf1ns0HW6LujZggdvUAIwciSA==

GET
H2 200 3.de1eab18.chunk.css
dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/css/ 264 B
1 KB 35ms
33ms Stylesheet
text/css 99.86.4.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/css/3.de1eab18.chunk.css

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-67.fra6.r.cloudfront.net

Software

CloudFront /

Resource Hash

348867415261fa24e6f6a3d2aecf01cf24384ad6a1432501dac0b6981d25c52d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 08:41:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 56374
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
content-length: 264
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 30 Jun 2023 08:08:51 GMT
server: CloudFront
etag: "0d9784dcc75f1b308eb822a2a4167505"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: R49W3eSAPO9Mj-Pg8nDA3uA-d0WseTHarUsCht_JxaS5BLD_tymV9Q==

GET
H2 200 3.b43a3ca9.chunk.js Show response
dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 451 KB
102 KB 290ms
289ms Script
application/javascript 99.86.4.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/3.b43a3ca9.chunk.js

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-67.fra6.r.cloudfront.net

Software

CloudFront /

Resource Hash

030dfbf62cd8baa983288d3f930706009c6af9fe4c3517940eb8991cb5c82977

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 30 Jun 2023 08:08:52 GMT
server: CloudFront
etag: W/"0ddc027047846c9bf88b280e99a85e8e"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: 2wnsxiZaLfte3r6lrdLwS3wVKIIdJ7p42L7ccta5FTxZ5F9QUgggbg==

GET
H2 200 5.d93238a8.chunk.js Show response
dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 456 B
1 KB 253ms
252ms Script
application/javascript 99.86.4.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/5.d93238a8.chunk.js

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-67.fra6.r.cloudfront.net

Software

CloudFront /

Resource Hash

601c2d736158ba6d274f67f051325aed739f90eec83959b7aa328bea80cee3b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 456
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 30 Jun 2023 08:08:53 GMT
server: CloudFront
etag: "3a975f98fd8340c336a91aa26b302a00"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: aKGhtoMYnFjY-6TK26B1ocIgqgLd6-JAsl-kKmpLdQscFB3U0NtXWA==

OPTIONS
H2 204 proxy
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/ Frame 0
0 237ms
38ms Preflight 13.42.157.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/proxy?sessionId=694267725&appName=sfa&environment=default
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.157.192 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-157-192.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,if-none-match
Access-Control-Request-Method: GET
Origin: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type,if-none-match
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-expose-headers: ETag
access-control-max-age: 172800
date: Sat, 01 Jul 2023 00:20:47 GMT
vary: Access-Control-Request-Headers

GET
H2 200 proxy Show response
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/ 239 B
772 B 41ms
40ms Fetch
application/json 13.42.157.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/proxy?sessionId=694267725&appName=sfa&environment=default
Requested by: Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.0955e429.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.157.192 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-157-192.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: 25277bed5999a04697d2b7f3a8b28aa3b31dda9d71dd87a103a48b28b171458d

Request headers

Accept: application/json
Referer
If-None-Match
accept-language: de-DE,de;q=0.9
Authorization: j8iZYKUOqIutukXvc09XvrToZhhUIn3tgSz53y2snfFQpKlyaUmjsiNa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Jul 2023 00:20:47 GMT
etag: W/"ef-fDikMOOGNuxXIHPQiGhFujdLQnU"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag
cache-control: public, max-age=2
content-length: 239

GET
H2 200 openid-configuration
openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/.well-known/ 2 KB
1 KB 310ms
143ms XHR
application/json 13.32.121.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/.well-known/openid-configuration
Requested by: Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.0955e429.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-19.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:46 GMT
content-encoding: gzip
via: 1.1 91353a8aba9ab05d79e9678e004043bc.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 687
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: application/json; charset=utf-8
access-control-allow-origin: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk
x-callid: e19063859fd34a88a0669f59d737feec
cache-control: private
access-control-allow-credentials: true
x-server: eu1a-nomad-t5
vary: Origin, Accept-Encoding
x-robots-tag: none
x-amz-cf-id: YNLSwHt2Eh4kER3AzYvfOqqyC0vQsM46qOgTHhXVfYuExqEl3d6o7w==

GET
H2

200

Primary Request proxy Show response
proxy.qa.internal.sso.cambridge.org/
Redirect Chain

https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fdev-2.int...
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+rol...

1 KB
2 KB

806ms
685ms

Document
text/html

108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

Requested by

Host: dev-2.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.0955e429.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

ea8ec5abb5ead566d0a812dce194d9c33eb98adae50188bbb9583bce079a6b27

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-type: text/html
date: Sat, 01 Jul 2023 00:20:49 GMT
etag: W/"30542a2fd5da6ba72ba88c496aac7f5b"
expect-ct: max-age=86400, enforce
last-modified: Fri, 05 May 2023 07:27:19 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 fb5610ec56d3f427bcbcfdd851770614.cloudfront.net (CloudFront)
x-amz-cf-id: qXqGWnrtY6hyjKTCDN7Q1gnoH1wqeRKTxcvhHcCY0S1jCNtKfrAwBg==
x-amz-cf-pop: FRA56-P6
x-cache: RefreshHit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private
content-length: 0
date: Sat, 01 Jul 2023 00:20:46 GMT
location: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
via: 1.1 cb0a9b0d01a1b0cc9278d9875ce23c92.cloudfront.net (CloudFront)
x-amz-cf-id: zvXJfs6KMMdSc7klQGzv94I3PMmpUSK3p9BFyiYX4LcXCimIeepigg==
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
x-callid: 981008b83289444ca9be94a13742838f
x-error-code: 0
x-robots-tag: none
x-server: eu1a-nomad-t13
x-soa: true, Gator

GET
H2 200 gtm.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 431 B
2 KB 268ms
263ms Script
application/javascript 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:20:49 GMT
via: 1.1 fb5610ec56d3f427bcbcfdd851770614.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-cache: RefreshHit from cloudfront
content-length: 431
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "b4ea339817ecc2c95b9870cb27dba7b4"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: _Yqbm6RJalukwBnsTAI8wpvn6WJN0BXh4FtWRrNkG3xCDwbe-khxcQ==

GET
H2 200 loader.css
proxy.qa.internal.sso.cambridge.org/css/ 387 B
2 KB 33ms
29ms Stylesheet
text/css 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/css/loader.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

37e44af3d562bab647fc40f5d6d7210a2abd24202cbd958a9e368c4d8131e61a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:20:51 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb5610ec56d3f427bcbcfdd851770614.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 53997
x-cache: Hit from cloudfront
content-length: 387
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "02ecd10b224d4b0e9b9299b18350701c"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: 2sKsTUqBxAVjkder7qOE1m9GLEkTtXEEt72p1i1OK7A0N-PRqbrqyg==

GET
H2 200 back_cache_cleanup.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 203 B
1 KB 33ms
30ms Script
application/javascript 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/back_cache_cleanup.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

cab7810f937780c44d1c93c65e0f8ddc78c912ce97b2c449de2cc8fc6ba264d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 10:42:45 GMT
via: 1.1 fb5610ec56d3f427bcbcfdd851770614.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 49084
x-cache: Hit from cloudfront
content-length: 203
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "38a9d4dfd48c723df8cef5f1a03c0971"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: vEJt2mRPCbdYYZUp4FRgFoW0ek0KmgRz8IVrMy9eOywM55kwgFZVnA==

GET
H/1.1 200
OK gigya.js Show response
accounts.gigya.com/JS/ 500 KB
164 KB 649ms
319ms Script
text/javascript 107.23.218.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 107.23.218.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 293e2f4c2c60b43648f774e42852d2dd2a38b53b1c9c564af9112efc31241848

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:48 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t3
x-callid: aeff12561f014c17a7ec50fea5ee3da7
x-error-code: 0
x-robots-tag: none
content-length: 167934

GET
H/1.1 200
OK gigya.oidc.js Show response
accounts.gigya.com/JS/ 20 KB
7 KB 476ms
146ms Script
text/javascript 107.23.218.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/JS/gigya.oidc.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 107.23.218.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: cc5742fc7e0babb1a77efbcb535564a3d28342887863c53b3212c752aad40f0b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:48 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t4
x-callid: ba45136db3a243d8b7e66abda4353605
x-error-code: 0
x-robots-tag: none
content-length: 6667

GET
H2 200 spinner.svg
proxy.qa.internal.sso.cambridge.org/assets/ 640 B
2 KB 195ms
194ms Image
image/svg+xml 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/spinner.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

2e0881f709571fcfbde8a04cdda3152d0380789f0da81094473c7c0b63c51a85

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:20:49 GMT
via: 1.1 fb5610ec56d3f427bcbcfdd851770614.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-cache: RefreshHit from cloudfront
content-length: 640
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: "f143559003fc6e3c7bd0a7966a7e2491"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: LgjMCcItFuOSCVdcv5CEy_9aPA5FYcWU2QOp9B4Mz95Qdws1FJkc2A==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 108 KB
42 KB 195ms
71ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2a4c208ce57c3e0b859ab51e3166f47d49a767a1ab8b250343e3c22c9c99a83e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42825
x-xss-protection: 0
last-modified: Sat, 01 Jul 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 01 Jul 2023 00:20:49 GMT

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
518 B 70ms
68ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/css/loader.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a9013a737d5a92af5fa83b598cbd897ca98275812fea86e8434bd96daa2c0eb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:20:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 22:52:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:20:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
81 KB 71ms
71ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b55f20eaaaf7a71dbf151c828715d9b1a6ee7bec31511036752f99534003f46b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82717
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 01 Jul 2023 00:20:49 GMT

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ 6 KB
2 KB 471ms
346ms Fetch
text/javascript 23.32.184.244

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.244 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cba597fc4218b88a576d2206b85b4c760c2f8692d415a9afa0ccf5ca8cb62597

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:20:49 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: eb0e6d4288dc4747a99da6cd4078318a
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t4
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2165

POST
H2 204 collect
region1.google-analytics.com/g/ 0
268 B 97ms
34ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36s0&_p=1173081271&cid=1719805623.1688170849&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1688170849&sct=1&seg=0&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&dt=Cambridge%20Login&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Jul 2023 00:20:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Api.aspx
cdns.eu1.gigya.com/gs/webSdk/ Frame 04AC 22 KB
0 424ms
328ms Document
text/html 23.32.184.244

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.32.184.244 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 43588
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:20:50 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 653465f91c2f4121a8c04e4259a5285c
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t2
x-soa: true, Gator

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.proxy.qa.internal.sso.cambridge.org/	1969-12-31 23:59:59	Name: gig_canary Value: false
.proxy.qa.internal.sso.cambridge.org/	1969-12-31 23:59:59	Name: gig_canary_ver Value: 14068-3-28136175
.cambridge.org/	1970-01-20 22:32:10	Name: _ga Value: GA1.1.1719805623.1688170849
.cambridge.org/	1970-01-20 22:32:10	Name: _ga_QBZ91CH3NC Value: GS1.1.1688170849.1.0.1688170849.0.0.0

226 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://dev-2.internal.submitforassessment.cambridgeassessment.org.uk/ Message: The Content Security Policy directive 'sandbox' is ignored when delivered in a report-only policy.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	warning	URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.oq6s-pe4t04Q4AStvsFhdO1g88IXEUvgGLoRGTlacys.1688171447&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.gigya.com
cdns.eu1.gigya.com
dev-2.internal.submitforassessment.cambridgeassessment.org.uk
fonts.googleapis.com
openid.qa.sso.cambridge.org
proxy.qa.internal.sso.cambridge.org
region1.google-analytics.com
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk
www.googletagmanager.com
107.23.218.60
108.138.7.17
13.32.121.19
13.42.157.192
2001:4860:4802:34::36
23.32.184.244
2a00:1450:4001:803::200a
2a00:1450:4001:80b::2008
99.86.4.67
030dfbf62cd8baa983288d3f930706009c6af9fe4c3517940eb8991cb5c82977
1f565149e781847ed5ac65cd034542cbd320faad6780d5c875d073ce1ffa4e18
25277bed5999a04697d2b7f3a8b28aa3b31dda9d71dd87a103a48b28b171458d
293e2f4c2c60b43648f774e42852d2dd2a38b53b1c9c564af9112efc31241848
2a4c208ce57c3e0b859ab51e3166f47d49a767a1ab8b250343e3c22c9c99a83e
2e0881f709571fcfbde8a04cdda3152d0380789f0da81094473c7c0b63c51a85
348867415261fa24e6f6a3d2aecf01cf24384ad6a1432501dac0b6981d25c52d
37e44af3d562bab647fc40f5d6d7210a2abd24202cbd958a9e368c4d8131e61a
601c2d736158ba6d274f67f051325aed739f90eec83959b7aa328bea80cee3b2
7d6dd10a11406e30de344c9f16e9a67aecf1ee98199ba738fec69021af4ea860
886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd
8be99f889daaf99df0ce16ced09e770cc065ab4afc4e01ba3368899526aa1504
8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9
a9013a737d5a92af5fa83b598cbd897ca98275812fea86e8434bd96daa2c0eb3
b55f20eaaaf7a71dbf151c828715d9b1a6ee7bec31511036752f99534003f46b
cab7810f937780c44d1c93c65e0f8ddc78c912ce97b2c449de2cc8fc6ba264d6
cba597fc4218b88a576d2206b85b4c760c2f8692d415a9afa0ccf5ca8cb62597
cc5742fc7e0babb1a77efbcb535564a3d28342887863c53b3212c752aad40f0b
d4fee6ceac0b6ecf77c5b5b2686f4894806e7802784c268177ad672970d5b274
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea0024c633161546ffee8cb889e11ac53a8dac82eb11a151567c4f7b96e98954
ea8ec5abb5ead566d0a812dce194d9c33eb98adae50188bbb9583bce079a6b27
f71b3e03a103941befa394245856469ce2f5eef3e9a05509ef6265b0bf4439aa

proxy.qa.internal.sso.cambridge.org Open in urlscan Pro 108.138.7.17 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

26 Requests

100 %HTTPS

33 %IPv6

6 Domains

9 Subdomains

9 IPs

3 Countries

1324 kBTransfer

5617 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

4 Cookies

226 Console Messages

proxy.qa.internal.sso.cambridge.org Open in urlscan Pro
108.138.7.17 Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

1324 kB
Transfer

5617 kB
Size

4
Cookies

26 HTTP transactions
0 data transactions