urlscan.io logo urlscan.io
SecurityTrails logo

pay.watercare.co.nz Open in urlscan Pro
2600:9000:2215:9600:1a:6102:580:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://pay.watercare.co.nz/p/Z5J8B237
Submission: On September 15 via manual from NZ — Scanned from NZ
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 24 HTTP transactions. The main IP is 2600:9000:2215:9600:1a:6102:580:93a1, located in United States and belongs to AMAZON-02, US. The main domain is pay.watercare.co.nz.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on February 7th 2023. Valid for: a year.
This is the only time pay.watercare.co.nz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 2600:9000:221... 16509 (AMAZON-02)
6 203.207.60.102 131168 (WINDCAVE-...)
2 2404:6800:400... 15169 (GOOGLE)
24 4
Apex Domain
Subdomains		 Transfer
15 watercare.co.nz
pay.watercare.co.nz
260 KB
6 paymentexpress.com
sec.paymentexpress.com — Cisco Umbrella Rank: 206284
206 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 44
21 KB
0 googletagmanager.com Failed
www.googletagmanager.com Failed
24 4
Domain Requested by
15 pay.watercare.co.nz pay.watercare.co.nz
6 sec.paymentexpress.com pay.watercare.co.nz
sec.paymentexpress.com
2 www.google-analytics.com pay.watercare.co.nz
www.google-analytics.com
0 www.googletagmanager.com Failed www.google-analytics.com
24 4

This site contains links to these domains. Also see Links.

Domain
www.watercare.co.nz
Subject Issuer Validity Valid
pay.watercare.co.nz
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-07 -
2024-01-26		 a year crt.sh
*.windcave.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-03-13 -
2024-03-13		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-08-14 -
2023-11-06		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://pay.watercare.co.nz/p/Z5J8B237
Frame ID: 6B9E1C00407E03C9F6220F413BA90333
Requests: 18 HTTP requests in this frame

Frame: https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
Frame ID: FE8E11C9D3FFEFBB98369C836082279E
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Watercare

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

24
Requests

96 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

487 kB
Transfer

1257 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Z5J8B237
pay.watercare.co.nz/p/ 		8 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
176ebe1beac89ad9c03d6409b23544f6830b50be185cc7ec09ccec355b6c315f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors *; frame-src 'self' *; img-src 'self' data: https://www.google-analytics.com https://*.paypal.com; script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com; ; connect-src 'self' https://www.google-analytics.com https://*.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://*.amazonaws.com https://flex.cybersource.com https://testflex.cybersource.com;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

access-control-allow-headers
content-type
cache-control
no-cache
content-security-policy
default-src 'self'; font-src 'self'; frame-ancestors *; frame-src 'self' *; img-src 'self' data: https://www.google-analytics.com https://*.paypal.com; script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com; ; connect-src 'self' https://www.google-analytics.com https://*.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://*.amazonaws.com https://flex.cybersource.com https://testflex.cybersource.com;
content-type
text/html; charset=utf-8
date
Fri, 15 Sep 2023 00:02:27 GMT
expires
-1
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
x-amz-cf-id
SFEnCG5WUjHTF7vcYpYFfq8y_OFX5PiFeLqX2umFIstt-ymUt9niLA==
x-amz-cf-pop
SYD62-P2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-webpay-appname
Payment Portal
x-xss-protection
1; mode=block
bundle-all.min.css
pay.watercare.co.nz/compiled/css/ 		222 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/compiled/css/bundle-all.min.css?v=NL1NGWCdbM_VRiMYR8NKMNJSZjJ9dSpTRyU7tCb9mHE
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
34bd4d19609d6ccfd546231847c34a30d25266327d752a5347253bb426fd9871
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:28 GMT
content-encoding
gzip
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Sun, 20 Aug 2023 21:50:12 GMT
x-amz-cf-pop
SYD62-P2
etag
W/"1d9d3b04b95fa68"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
cache-control
public, max-age=31536000
x-amz-cf-id
4YOlxYNm0lVTipreu6DVgxG75quVw65Fup1V2RmYcOHe8LOxKJSo_A==
site.min.css
pay.watercare.co.nz/compiled/css/clients/watercare/ 		245 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/compiled/css/clients/watercare/site.min.css?v=TBjz5ZjZM2d6UWfr1atM5_D9k7sq4K3WkIL2ggL2Uk8
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
5efb1571105f2a11f0807bcc1ad3d43cd0dc0f37bbca936d478e0912b77ff7a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:27 GMT
content-encoding
gzip
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Sun, 20 Aug 2023 21:50:09 GMT
x-amz-cf-pop
SYD62-P2
etag
W/"1d9d3b049cf6d62"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
cache-control
public, max-age=31536000
x-amz-cf-id
E56PMgJC0BQZq98T0GUQ2mRBmN2z0ATZzOlixAH2xfTFulbJs-AtFg==
common-init.min.js
pay.watercare.co.nz/compiled/js/ 		355 B
770 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/compiled/js/common-init.min.js?v=_fNZ9WJlsjre29iKn7uT9mVogh514KdK7aHtLsehVK4
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
24e400c6c9d609fbf028d39d958d2798369530b283aff84381e58c45d4e22d82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
last-modified
Sun, 20 Aug 2023 21:50:04 GMT
x-amz-cf-pop
SYD62-P2
etag
"1d9d3b046d1cf63"
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
355
x-amz-cf-id
KnwUrr1aj-iC-m6rfsJfeKNCuJHZ6UaOoQQ0DUReM99qQ4GhXum0yg==
logo.png
pay.watercare.co.nz/images/clients/watercare/ 		40 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pay.watercare.co.nz/images/clients/watercare/logo.png
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
1a1f2e960289ae21e99604a2fc3bd62eea6c7b0548c3c95f999eaf82d8b8d389
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
last-modified
Sun, 20 Aug 2023 21:49:46 GMT
x-amz-cf-pop
SYD62-P2
etag
"1d9d3b03c1798ba"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
41402
x-amz-cf-id
2tIcKWKQPWMWH47MGscMVFvacvBHIbaZQLxJn14WDQrsM1MiP4Nrnw==
windcave.png
pay.watercare.co.nz/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pay.watercare.co.nz/images/windcave.png
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
76ec1b6b06e53a55fe48d8fc7ffcf8306f2c686a9328b67e024ccc818ad775fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
last-modified
Sun, 20 Aug 2023 21:49:46 GMT
x-amz-cf-pop
SYD62-P2
etag
"1d9d3b03c173560"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
3168
x-amz-cf-id
RjvtJPeGcPAt2XrLB2wvKISJeAG0_RJR6Rly9EGEZrgcIOXmibHoYA==
bundle-vendor.min.js
pay.watercare.co.nz/compiled/js/ 		168 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/compiled/js/bundle-vendor.min.js?v=zaSrFSwDhctWKlrlbAsW9Ocj_nxuzBWPCOWB7qifLm8
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
cda4ab152c0385cb562a5ae56c0b16f4e723fe7c6ecc158f08e581eea89f2e6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:28 GMT
content-encoding
gzip
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Sun, 20 Aug 2023 21:50:12 GMT
x-amz-cf-pop
SYD62-P2
etag
W/"1d9d3b04b9423f9"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
rgqRUA7Ce0B-V50N7EpSwMfvpVwoc9vDljKld7Py5ziUlB9SwKDl6g==
payment-scripts.min.js
pay.watercare.co.nz/compiled/js/ 		388 B
804 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/compiled/js/payment-scripts.min.js?v=puqfTvx7ONnlKD4hEQD24uzeESEG4xH3fmu1g5US_lw
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
4d07376a7bfb58c7cab965e5f0bf1072196486072906fb75567fe03a354e59f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
last-modified
Sun, 20 Aug 2023 21:50:04 GMT
x-amz-cf-pop
SYD62-P2
etag
"1d9d3b046d1cf84"
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
388
x-amz-cf-id
2-jrb9ONq1F-S6SpbvrDdGFrrJLD-6prWIQZDoa7IJ-5FDYLBQEBnA==
log-pagevisits.min.js
pay.watercare.co.nz/compiled/js/ 		105 B
519 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/compiled/js/log-pagevisits.min.js?v=bjYm5pHaUOrdpjLuqhg5b2hG60PsSElK_2maDo3rCIw
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8a0fd74eef139b8e95a6d7f7582118bac6c3ff4cd6b72fa88ad6c71215c56f54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
last-modified
Sun, 20 Aug 2023 21:50:04 GMT
x-amz-cf-pop
SYD62-P2
etag
"1d9d3b046d1ce69"
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
105
x-amz-cf-id
olf0uzScPlPhkICnKmoSxN9D6QWyW1upmKEq68t8oJeGeS78OML23w==
devicecapture.min.js
pay.watercare.co.nz/compiled/js/ 		443 B
857 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/compiled/js/devicecapture.min.js?v=nTUdHFFje8WK9sn1IQMxObzGbTyTOEs6wVSp-A12f0I
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
37e146d90eea217bb52470a8cb2889d9b4bd8785564fbad77897b99561871f3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
last-modified
Sun, 20 Aug 2023 21:50:04 GMT
x-amz-cf-pop
SYD62-P2
etag
"1d9d3b046d1cfbb"
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
443
x-amz-cf-id
haL6jQAhBre8iY18362hagrtxf1RaRzKpiHZ-3PmxynGYOCBrQukAw==
google-analytics.min.js
pay.watercare.co.nz/compiled/js/ 		415 B
830 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/compiled/js/google-analytics.min.js?v=qoElqc-BeLy5f62nHGSuxGtX34qjdOUfgaFJ3NwY5bg
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a70a7433e9ab5d5ac0018440d4afc68428e0f13c672b6adcb73ede55a076d398
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/p/Z5J8B237
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
last-modified
Sun, 20 Aug 2023 21:50:04 GMT
x-amz-cf-pop
SYD62-P2
etag
"1d9d3b046d1cf9f"
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
415
x-amz-cf-id
AJZ-evxJb2qd6IGeQ8kTTvLB0rZiUaY_l9yHn5NU8l4r3Nn2hPK87g==
F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
sec.paymentexpress.com/pxmi3/ Frame FE8E 		55 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/p/Z5J8B237
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.207.60.102 , New Zealand, ASN131168 (WINDCAVE-AS-AP Windcave Limited, NZ),
Reverse DNS
Software
/
Resource Hash
9052d62e4d2a2e7dc5358f8ad6795713aa61f943e01e9cfdb82462f3baf764f6
Security Headers
Name Value
Content-Security-Policy connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self' https://fonts.gstatic.com;form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://pay.watercare.co.nz *;frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-/BzoRtwTOw/uaEGOVnSe9Q==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-/BzoRtwTOw/uaEGOVnSe9Q==' ;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Security-Policy connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self' https://fonts.gstatic.com;form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://pay.watercare.co.nz *;frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-/BzoRtwTOw/uaEGOVnSe9Q==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-/BzoRtwTOw/uaEGOVnSe9Q==' ;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pay.watercare.co.nz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

Cache-Control
no-cache,no-store
Content-Encoding
gzip
Content-Length
14287
Content-Security-Policy
connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self' https://fonts.gstatic.com;form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://pay.watercare.co.nz *;frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-/BzoRtwTOw/uaEGOVnSe9Q==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-/BzoRtwTOw/uaEGOVnSe9Q==' ;
Content-Type
text/html
Date
Fri, 15 Sep 2023 00:02:30 GMT
Expires
0
Pragma
no-cache
Server
Strict-Transport-Security
max-age=16070400; includeSubDomains
Vary
Accept-Encoding
X-ASPNET-VERSION
X-Content-Security-Policy
connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self' https://fonts.gstatic.com;form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://pay.watercare.co.nz *;frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-/BzoRtwTOw/uaEGOVnSe9Q==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-/BzoRtwTOw/uaEGOVnSe9Q==' ;
X-Content-Type-Options
nosniff
X-POWERED-BY
X-XSS-Protection
1; mode=block
open-sans-v15-latin-ext_latin_greek_cyrillic_vietnamese_cyrillic-ext_greek-ext-regular.woff
pay.watercare.co.nz/fonts/ 		93 KB
94 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/fonts/open-sans-v15-latin-ext_latin_greek_cyrillic_vietnamese_cyrillic-ext_greek-ext-regular.woff
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/compiled/css/clients/watercare/site.min.css?v=TBjz5ZjZM2d6UWfr1atM5_D9k7sq4K3WkIL2ggL2Uk8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
9efb74ddc9821218bfaf7b5c2c8a3e43767a1653694c69de918b9fa503ee4ce4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://pay.watercare.co.nz/compiled/css/clients/watercare/site.min.css?v=TBjz5ZjZM2d6UWfr1atM5_D9k7sq4K3WkIL2ggL2Uk8
Origin
https://pay.watercare.co.nz
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

pragma
no-cache, no-store, must-revalidate
date
Fri, 15 Sep 2023 00:02:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
last-modified
Sun, 20 Aug 2023 21:49:46 GMT
x-amz-cf-pop
SYD62-P2
etag
"1d9d3b03c164d38"
x-cache
Miss from cloudfront
content-type
application/font-woff
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
95288
x-amz-cf-id
EsSzkzywPmY5aS5VfAT6lhVm2wMRLqkjnbpBA1uI6MSeMaMZBxMM5g==
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/compiled/js/google-analytics.min.js?v=qoElqc-BeLy5f62nHGSuxGtX34qjdOUfgaFJ3NwY5bg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:810::200e Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://pay.watercare.co.nz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 14 Sep 2023 22:11:20 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
6671
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 15 Sep 2023 00:11:20 GMT
visit
pay.watercare.co.nz/p/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/p/visit
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/compiled/js/bundle-vendor.min.js?v=zaSrFSwDhctWKlrlbAsW9Ocj_nxuzBWPCOWB7qifLm8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors *; frame-src 'self' *; img-src 'self' data: https://www.google-analytics.com https://*.paypal.com; script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com; ; connect-src 'self' https://www.google-analytics.com https://*.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://*.amazonaws.com https://flex.cybersource.com https://testflex.cybersource.com;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://pay.watercare.co.nz/p/Z5J8B237
X-Requested-With
XMLHttpRequest
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 15 Sep 2023 00:02:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self'; font-src 'self'; frame-ancestors *; frame-src 'self' *; img-src 'self' data: https://www.google-analytics.com https://*.paypal.com; script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com; ; connect-src 'self' https://www.google-analytics.com https://*.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://*.amazonaws.com https://flex.cybersource.com https://testflex.cybersource.com;
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
x-webpay-appname
Payment Portal
x-amz-cf-pop
SYD62-P2
x-cache
Miss from cloudfront
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache, no-store, must-revalidate
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
content-type
x-amz-cf-id
hwMfTl78eUVqOUrZnDa4-xtWGv_yKKw6b6wxDRjOBpI_qbVGKbXzRg==
sessionstart
pay.watercare.co.nz/p/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/p/sessionstart
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/compiled/js/bundle-vendor.min.js?v=zaSrFSwDhctWKlrlbAsW9Ocj_nxuzBWPCOWB7qifLm8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors *; frame-src 'self' *; img-src 'self' data: https://www.google-analytics.com https://*.paypal.com; script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com; ; connect-src 'self' https://www.google-analytics.com https://*.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://*.amazonaws.com https://flex.cybersource.com https://testflex.cybersource.com;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://pay.watercare.co.nz/p/Z5J8B237
X-Requested-With
XMLHttpRequest
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 15 Sep 2023 00:02:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self'; font-src 'self'; frame-ancestors *; frame-src 'self' *; img-src 'self' data: https://www.google-analytics.com https://*.paypal.com; script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com; ; connect-src 'self' https://www.google-analytics.com https://*.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://*.amazonaws.com https://flex.cybersource.com https://testflex.cybersource.com;
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
x-webpay-appname
Payment Portal
x-amz-cf-pop
SYD62-P2
x-cache
Miss from cloudfront
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache, no-store, must-revalidate
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
content-type
x-amz-cf-id
A0lgE5zqq0kGJDcCba73cS87xp3Q7F8zI94wtk38P38pnVWPDHeaZw==
PP23091500000027
pay.watercare.co.nz/p/device-data/Z5J8B237/ 		61 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pay.watercare.co.nz/p/device-data/Z5J8B237/PP23091500000027
Requested by
Host: pay.watercare.co.nz
URL: https://pay.watercare.co.nz/compiled/js/bundle-vendor.min.js?v=zaSrFSwDhctWKlrlbAsW9Ocj_nxuzBWPCOWB7qifLm8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2215:9600:1a:6102:580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
6add17fe409e4639d875d0ec26e0f1d868b78b9ac0fe824511680404b3a843c4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors *; frame-src 'self' *; img-src 'self' data: https://www.google-analytics.com https://*.paypal.com; script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com; ; connect-src 'self' https://www.google-analytics.com https://*.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://*.amazonaws.com https://flex.cybersource.com https://testflex.cybersource.com;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://pay.watercare.co.nz/p/Z5J8B237
X-Requested-With
XMLHttpRequest
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 15 Sep 2023 00:02:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self'; font-src 'self'; frame-ancestors *; frame-src 'self' *; img-src 'self' data: https://www.google-analytics.com https://*.paypal.com; script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com; ; connect-src 'self' https://www.google-analytics.com https://*.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://*.amazonaws.com https://flex.cybersource.com https://testflex.cybersource.com;
via
1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront)
x-webpay-appname
Payment Portal
x-amz-cf-pop
SYD62-P2
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache, no-store, must-revalidate
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
content-type
x-amz-cf-id
CQWAaIyjiVHm1P1UMYOnw5UWl3wk4pUcKPPhjlbYPmFtH13X2R-FzA==
30090_0002
sec.paymentexpress.com/pxmi3/ Frame FE8E 		70 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sec.paymentexpress.com/pxmi3/30090_0002
Requested by
Host: sec.paymentexpress.com
URL: https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.207.60.102 , New Zealand, ASN131168 (WINDCAVE-AS-AP Windcave Limited, NZ),
Reverse DNS
Software
/
Resource Hash
7b5d6eb1e0d7c0b9982650173a2e13375faf9903cab774e1b993f02ebcc09605
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Frame-Options
deny
X-ASPNET-VERSION
X-POWERED-BY
Date
Fri, 15 Sep 2023 00:02:30 GMT
Content-Length
17640
X-XSS-Protection
1; mode=block
Server
ETag
"1377213436"
Vary
Accept-Encoding
X-Frame-Options
deny
Content-Type
text/css
Cache-Control
no-transform,public
Expires
Fri, 15 Sep 2023 00:02:30 GMT
csc-mastercard.png
sec.paymentexpress.com/pxmi/images/ Frame FE8E 		54 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec.paymentexpress.com/pxmi/images/csc-mastercard.png
Requested by
Host: sec.paymentexpress.com
URL: https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.207.60.102 , New Zealand, ASN131168 (WINDCAVE-AS-AP Windcave Limited, NZ),
Reverse DNS
Software
/
Resource Hash
359b13aaa6946f7748dc0ca1a5e7d09c010952c536cd6b413152b5e0ff10b910
Security Headers
Name Value
Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Security-Policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
X-Content-Type-Options
nosniff
Frame-Options
deny
X-ASPNET-VERSION
X-POWERED-BY
Date
Fri, 15 Sep 2023 00:02:30 GMT
Content-Length
55398
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 09 May 2016 23:39:56 GMT
Server
ETag
"0ee8f174caad11:0"
X-Frame-Options
deny
Content-Type
image/png
Accept-Ranges
bytes
X-Content-Security-Policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
csc-amex.png
sec.paymentexpress.com/pxmi/images/ Frame FE8E 		56 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec.paymentexpress.com/pxmi/images/csc-amex.png
Requested by
Host: sec.paymentexpress.com
URL: https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.207.60.102 , New Zealand, ASN131168 (WINDCAVE-AS-AP Windcave Limited, NZ),
Reverse DNS
Software
/
Resource Hash
65e64730c6b8ff8cfbe722097a2edea27aa439963a3ca3cc6237503d454e4db6
Security Headers
Name Value
Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Security-Policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
X-Content-Type-Options
nosniff
Frame-Options
deny
X-ASPNET-VERSION
X-POWERED-BY
Date
Fri, 15 Sep 2023 00:02:30 GMT
Content-Length
57447
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 09 May 2016 23:39:24 GMT
Server
ETag
"01e7d44caad11:0"
X-Frame-Options
deny
Content-Type
image/png
Accept-Ranges
bytes
X-Content-Security-Policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
0305_0001
sec.paymentexpress.com/pxmi3/ Frame FE8E 		175 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sec.paymentexpress.com/pxmi3/0305_0001
Requested by
Host: sec.paymentexpress.com
URL: https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.207.60.102 , New Zealand, ASN131168 (WINDCAVE-AS-AP Windcave Limited, NZ),
Reverse DNS
Software
/
Resource Hash
74bb232d4149411749f612d1afc42e3b1352ca998e96d9cc2413dd09da6559b0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Frame-Options
deny
X-ASPNET-VERSION
X-POWERED-BY
Date
Fri, 15 Sep 2023 00:02:30 GMT
Content-Length
55893
X-XSS-Protection
1; mode=block
Server
ETag
"1379010794"
Vary
Accept-Encoding
X-Frame-Options
deny
Content-Type
text/javascript
Cache-Control
no-transform,public
Expires
Fri, 15 Sep 2023 00:02:30 GMT
0306_0001
sec.paymentexpress.com/pxmi3/ Frame FE8E 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sec.paymentexpress.com/pxmi3/0306_0001
Requested by
Host: sec.paymentexpress.com
URL: https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.207.60.102 , New Zealand, ASN131168 (WINDCAVE-AS-AP Windcave Limited, NZ),
Reverse DNS
Software
/
Resource Hash
38e1572ad99277609909f57d76a7886e87748f57335661a8b0d6454ac5f9eaf6
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://sec.paymentexpress.com/pxmi3/F2BA0CA6ED1F057B09B3EF0D48D9730C2C38ED9A850493A167045EEE3295DEBFC0ABAF1DEE2BF3A750F023EC3DA42EE4E
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Frame-Options
deny
X-ASPNET-VERSION
X-POWERED-BY
Date
Fri, 15 Sep 2023 00:02:30 GMT
Content-Length
4269
X-XSS-Protection
1; mode=block
Server
ETag
"1377213410"
Vary
Accept-Encoding
X-Frame-Options
deny
Content-Type
text/javascript
Cache-Control
no-transform,public
Expires
Fri, 15 Sep 2023 00:02:31 GMT
collect
www.google-analytics.com/j/ 		15 B
224 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=799389439&t=pageview&_s=1&dl=https%3A%2F%2Fpay.watercare.co.nz%2Fp%2FZ5J8B237&ul=en-us&de=UTF-8&dt=Watercare&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1975554297&gjid=467305603&cid=1984172811.1694736151&tid=UA-4097820-25&_gid=645416441.1694736151&_r=1&_slc=1&z=2078457190
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:810::200e Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
0f5ffa8439c007aabec97558204064156b7307f5767bf08eb498676316e9ddac
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://pay.watercare.co.nz/
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 15 Sep 2023 00:02:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://pay.watercare.co.nz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtag/js?id=G-JKHHNTQT5W&cx=c&_slc=1

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture boolean| __iframeLoad string| _aurl string| _con string| _iref string| _tkn object| _vst string| _act string| __vendorObject function| positionFooter function| SubmitPageActions function| SubmitSessionStartEvent function| $ function| jQuery object| respond object| html5 object| Modernizr string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer

5 Cookies

Domain/Path Name / Value
pay.watercare.co.nz/ Name: webpay.paymentportal.csrf
Value: CfDJ8B4vkswGKSlNsEzdCjae327ZmVvU2eEuQ2t0JEW3q903JgaBbyjqspIN1LcOn8ZwXTCFR4Qj40JPdYvmrhmyKM2QMJ8Vkj5m-yM2jKQcoF7bIknDEPKnhkahNzNXgroKhaK3zs-Nyns4iDNWLHnjWGs
pay.watercare.co.nz/ Name: webpay.paymentportal.session
Value: CfDJ8B4vkswGKSlNsEzdCjae324w5s70xdvjoVd5mjD86iyntLnAVWv%2FapfRkI4pKbyzPM4o1bU8FRBZ2i8HFORuEP3UJXrI%2BlkKrItG5kAF7%2FK%2Fu%2BgSMshN86%2BBuLSnjjjZo0dYhoYS3wUtrmBonP7CpgSwfLgmjuZECMyZDwQvb7uY
.watercare.co.nz/ Name: _ga
Value: GA1.3.1984172811.1694736151
.watercare.co.nz/ Name: _gid
Value: GA1.3.645416441.1694736151
.watercare.co.nz/ Name: _gat
Value: 1

1 Console Messages

Source Level URL
Text
security error URL: https://www.google-analytics.com/analytics.js(Line 23)
Message:
Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-JKHHNTQT5W&cx=c&_slc=1' because it violates the following Content Security Policy directive: "script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors *; frame-src 'self' *; img-src 'self' data: https://www.google-analytics.com https://*.paypal.com; script-src 'self' https://www.google-analytics.com https://libs.na.bambora.com https://customcheckout-uat.bambora.net.au https://*.cardinalcommerce.com https://*.paypal.com https://flex.cybersource.com https://testflex.cybersource.com 'sha256-T9oVjhR9pcbkXjcuI6Lk2sKXQ/qhhUiRtWAVICvbr8M=' 'sha256-dCzCemAwa/x6WclTb7HrxT3RvBGILqr7Q5mVzP83hiA=' 'sha256-hcQ967FDCsP/rkwMFGPvqleY+hP6H0p/8yRMZf8bSl0=' 'sha256-XUIYAmEnlrpgRQQ9CsRQj3zYS4rnxIRRdAyPusSDchU=' 'sha256-6CHHTQgyteSsehjJktcBJe3fNcSTvRZBlIe7F5Las40=' 'sha256-9ucSMaMBnF9vATz8BocOrsrZ+f//hB8S5Azkty13JQU=' 'sha256-QK2T1Io16TJyyJO2vLWTKd9HefSPOQihglNtEzK0K/E=' 'sha256-3o6yak0KY3FxoXdvbMq6IJqE5AFxowCrR01ZGUPCbJw=' 'nonce-c1vpPl0UlziyqmHI8UKw'; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com; ; connect-src 'self' https://www.google-analytics.com https://*.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://*.amazonaws.com https://flex.cybersource.com https://testflex.cybersource.com;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pay.watercare.co.nz
sec.paymentexpress.com
www.google-analytics.com
www.googletagmanager.com
www.googletagmanager.com
203.207.60.102
2404:6800:4006:810::200e
2600:9000:2215:9600:1a:6102:580:93a1
0f5ffa8439c007aabec97558204064156b7307f5767bf08eb498676316e9ddac
176ebe1beac89ad9c03d6409b23544f6830b50be185cc7ec09ccec355b6c315f
1a1f2e960289ae21e99604a2fc3bd62eea6c7b0548c3c95f999eaf82d8b8d389
24e400c6c9d609fbf028d39d958d2798369530b283aff84381e58c45d4e22d82
34bd4d19609d6ccfd546231847c34a30d25266327d752a5347253bb426fd9871
359b13aaa6946f7748dc0ca1a5e7d09c010952c536cd6b413152b5e0ff10b910
37e146d90eea217bb52470a8cb2889d9b4bd8785564fbad77897b99561871f3a
38e1572ad99277609909f57d76a7886e87748f57335661a8b0d6454ac5f9eaf6
4d07376a7bfb58c7cab965e5f0bf1072196486072906fb75567fe03a354e59f0
5efb1571105f2a11f0807bcc1ad3d43cd0dc0f37bbca936d478e0912b77ff7a5
65e64730c6b8ff8cfbe722097a2edea27aa439963a3ca3cc6237503d454e4db6
6add17fe409e4639d875d0ec26e0f1d868b78b9ac0fe824511680404b3a843c4
74bb232d4149411749f612d1afc42e3b1352ca998e96d9cc2413dd09da6559b0
76ec1b6b06e53a55fe48d8fc7ffcf8306f2c686a9328b67e024ccc818ad775fc
7b5d6eb1e0d7c0b9982650173a2e13375faf9903cab774e1b993f02ebcc09605
8a0fd74eef139b8e95a6d7f7582118bac6c3ff4cd6b72fa88ad6c71215c56f54
9052d62e4d2a2e7dc5358f8ad6795713aa61f943e01e9cfdb82462f3baf764f6
9efb74ddc9821218bfaf7b5c2c8a3e43767a1653694c69de918b9fa503ee4ce4
a70a7433e9ab5d5ac0018440d4afc68428e0f13c672b6adcb73ede55a076d398
cda4ab152c0385cb562a5ae56c0b16f4e723fe7c6ecc158f08e581eea89f2e6f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855