ufcw401safeway.drawbridge.ca Open in urlscan Pro
66.225.152.152  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response ufcw401safeway.drawbridge.ca/	2 KB 2 KB	125ms 38ms	Document text/html	66.225.152.152 TRGO
General Check archive.org Show headers Download Go to Full URL https://ufcw401safeway.drawbridge.ca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 66.225.152.152 Woodbridge, Canada, ASN20161 (TRGO, CA), Reverse DNS static-66-225-152-152.ptr.terago.net Software nginx / Resource Hash b57d1a88d80ba643d2ebf3b967a67050e087431061c55aa378262c034cb91a59 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; Content-Type text/html Date Fri, 22 Dec 2023 05:24:55 GMT ETag W/"65699fea-754" Expect-CT enforce, max-age=300, report-uri='https://infrastructuremonitordbd.azurewebsites.net/ExpectCT' Last-Modified Fri, 01 Dec 2023 08:57:14 GMT Permissions-Policy geolocation=*,midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Server nginx Strict-Transport-Security max-age=31536000; includeSubDomains Transfer-Encoding chunked X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block
GET H2	200	css fonts.googleapis.com/	21 KB 1 KB	104ms 40ms	Stylesheet text/css	172.253.122.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Barlow+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i&subset=latin&ver=5.9.3 Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.122.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS bh-in-f95.1e100.net Software ESF / Resource Hash aab755296c44d7b3403cab6b5e9c5112e3455d781f710f592dacd9b5694ace71 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://ufcw401safeway.drawbridge.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 22 Dec 2023 05:24:55 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 22 Dec 2023 05:24:55 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 22 Dec 2023 05:24:55 GMT
GET H2	200	css fonts.googleapis.com/	20 KB 940 B	105ms 42ms	Stylesheet text/css	172.253.122.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Barlow%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i&subset=latin&ver=5.9.3 Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.122.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS bh-in-f95.1e100.net Software ESF / Resource Hash b30e6a6b42cf941a8ea1392b9cc184985ec92fb2cb9f4ec4acf67d7431aafba9 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://ufcw401safeway.drawbridge.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 22 Dec 2023 05:24:55 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 22 Dec 2023 05:24:55 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 22 Dec 2023 05:24:55 GMT
GET H2	200	css fonts.googleapis.com/	22 KB 975 B	104ms 42ms	Stylesheet text/css	172.253.122.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Barlow+Semi+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i&subset=latin&ver=5.9.3 Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.122.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS bh-in-f95.1e100.net Software ESF / Resource Hash 8fc445a4a6d5665340b424c071c05562fe2a87dc12d27b671ba2a24463bf2212 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://ufcw401safeway.drawbridge.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 22 Dec 2023 05:24:55 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 22 Dec 2023 05:24:55 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 22 Dec 2023 05:24:55 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	1 KB 1 KB	106ms 45ms	Script text/javascript	172.253.122.105 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?onload=vueRecaptchaApiLoaded&render=explicit Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.122.105 , United States, ASN15169 (GOOGLE, US), Reverse DNS bh-in-f105.1e100.net Software GSE / Resource Hash 6da9ec975355a0a709a62d1a1bcd9c421ac0672f6bb3a3c0e9ea1577a6a862a7 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://ufcw401safeway.drawbridge.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Fri, 22 Dec 2023 05:24:55 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Fri, 22 Dec 2023 05:24:55 GMT
GET H/1.1	200 OK	chunk-vendors.1a705f92.js Show response ufcw401safeway.drawbridge.ca/js/	3 MB 3 MB	63ms 61ms	Script application/javascript	66.225.152.152 TRGO
General Check archive.org Show headers Download Go to Full URL https://ufcw401safeway.drawbridge.ca/js/chunk-vendors.1a705f92.js Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 66.225.152.152 Woodbridge, Canada, ASN20161 (TRGO, CA), Reverse DNS static-66-225-152-152.ptr.terago.net Software nginx / Resource Hash 1dd49041bff19fc46e84d107f863e558064f15aeac50fd53a8b0635c1a4f183d Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://ufcw401safeway.drawbridge.ca/ Origin https://ufcw401safeway.drawbridge.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 22 Dec 2023 05:24:55 GMT Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains Connection keep-alive Content-Length 2835324 X-XSS-Protection 1; mode=block Last-Modified Fri, 01 Dec 2023 08:57:14 GMT Server nginx ETag "65699fea-2b437c" Expect-CT enforce, max-age=300, report-uri='https://infrastructuremonitordbd.azurewebsites.net/ExpectCT' X-Frame-Options SAMEORIGIN Content-Type application/javascript Access-Control-Allow-Origin https://ufcw401safeway.drawbridge.ca Permissions-Policy geolocation=*,midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Accept-Ranges bytes
GET H/1.1	200 OK	app.4093313a.js Show response ufcw401safeway.drawbridge.ca/js/	4 MB 4 MB	136ms 59ms	Script application/javascript	66.225.152.152 TRGO
General Check archive.org Show headers Download Go to Full URL https://ufcw401safeway.drawbridge.ca/js/app.4093313a.js Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 66.225.152.152 Woodbridge, Canada, ASN20161 (TRGO, CA), Reverse DNS static-66-225-152-152.ptr.terago.net Software nginx / Resource Hash bedf078889dc30ee783d6a45f6905735d04244dbed4f402499577985332bcda2 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://ufcw401safeway.drawbridge.ca/ Origin https://ufcw401safeway.drawbridge.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 22 Dec 2023 05:24:55 GMT Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains Connection keep-alive Content-Length 3843077 X-XSS-Protection 1; mode=block Last-Modified Fri, 01 Dec 2023 08:57:14 GMT Server nginx ETag "65699fea-3aa405" Expect-CT enforce, max-age=300, report-uri='https://infrastructuremonitordbd.azurewebsites.net/ExpectCT' X-Frame-Options SAMEORIGIN Content-Type application/javascript Access-Control-Allow-Origin https://ufcw401safeway.drawbridge.ca Permissions-Policy geolocation=*,midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Accept-Ranges bytes
GET H/1.1	200 OK	chunk-vendors.eb9198bd.css ufcw401safeway.drawbridge.ca/css/	1 MB 1 MB	141ms 65ms	Stylesheet text/css	66.225.152.152 TRGO
General Check archive.org Show headers Download Go to Full URL https://ufcw401safeway.drawbridge.ca/css/chunk-vendors.eb9198bd.css Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 66.225.152.152 Woodbridge, Canada, ASN20161 (TRGO, CA), Reverse DNS static-66-225-152-152.ptr.terago.net Software nginx / Resource Hash aa5b8a01c5eb17a88de4fee516ed3903f1e207c5da28ad7390983e12dc480646 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://ufcw401safeway.drawbridge.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 22 Dec 2023 05:24:55 GMT Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Fri, 01 Dec 2023 08:57:14 GMT Server nginx ETag "65699fea-119a12" Expect-CT enforce, max-age=300, report-uri='https://infrastructuremonitordbd.azurewebsites.net/ExpectCT' X-Frame-Options SAMEORIGIN Content-Type text/css Permissions-Policy geolocation=*,midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Connection keep-alive Accept-Ranges bytes Content-Length 1153554 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	app.86ce75d0.css ufcw401safeway.drawbridge.ca/css/	33 KB 34 KB	141ms 66ms	Stylesheet text/css	66.225.152.152 TRGO
General Check archive.org Show headers Download Go to Full URL https://ufcw401safeway.drawbridge.ca/css/app.86ce75d0.css Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 66.225.152.152 Woodbridge, Canada, ASN20161 (TRGO, CA), Reverse DNS static-66-225-152-152.ptr.terago.net Software nginx / Resource Hash dc08d5d2c3078d1dd1213d82e421014f95385ebcd1c742b719bd9dd23d05b685 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://ufcw401safeway.drawbridge.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 22 Dec 2023 05:24:55 GMT Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Fri, 01 Dec 2023 08:57:14 GMT Server nginx ETag "65699fea-833b" Expect-CT enforce, max-age=300, report-uri='https://infrastructuremonitordbd.azurewebsites.net/ExpectCT' X-Frame-Options SAMEORIGIN Content-Type text/css Permissions-Policy geolocation=*,midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Connection keep-alive Accept-Ranges bytes Content-Length 33595 X-XSS-Protection 1; mode=block
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/	503 KB 202 KB	108ms 32ms	Script text/javascript	142.251.16.94 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?onload=vueRecaptchaApiLoaded&render=explicit Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.16.94 , United States, ASN15169 (GOOGLE, US), Reverse DNS bl-in-f94.1e100.net Software sffe / Resource Hash daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://ufcw401safeway.drawbridge.ca/ Origin https://ufcw401safeway.drawbridge.ca accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Fri, 22 Dec 2023 00:59:21 GMT content-encoding gzip x-content-type-options nosniff age 15934 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 205927 x-xss-protection 0 last-modified Mon, 11 Dec 2023 05:01:12 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 21 Dec 2024 00:59:21 GMT
GET H2	200	css2 fonts.googleapis.com/	13 KB 796 B	43ms 40ms	Stylesheet text/css	172.253.122.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;500;600;700&display=swap Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/css/app.86ce75d0.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.253.122.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS bh-in-f95.1e100.net Software ESF / Resource Hash 18a15a00adb0f13efda64e8e3714e8c939ef7123cc06525acd6aa09fb368c1d7 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-CA,en;q=0.9 Referer https://ufcw401safeway.drawbridge.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 22 Dec 2023 05:24:55 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 22 Dec 2023 03:39:24 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 22 Dec 2023 05:24:55 GMT
GET H/1.1	200 OK	config.json Show response ufcw401safeway.drawbridge.ca/	848 B 2 KB	40ms 39ms	XHR application/json	66.225.152.152 TRGO
General Check archive.org Show headers Download Go to Full URL https://ufcw401safeway.drawbridge.ca/config.json Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/js/chunk-vendors.1a705f92.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 66.225.152.152 Woodbridge, Canada, ASN20161 (TRGO, CA), Reverse DNS static-66-225-152-152.ptr.terago.net Software nginx / Resource Hash 223b53b6b8df888976aaf9406326eb287ffd31e855081de6284fd5bec7d62711 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json, text/plain, */* Referer https://ufcw401safeway.drawbridge.ca/ accept-language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 22 Dec 2023 05:24:55 GMT Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Fri, 01 Dec 2023 08:57:14 GMT Server nginx ETag "65699fea-350" Expect-CT enforce, max-age=300, report-uri='https://infrastructuremonitordbd.azurewebsites.net/ExpectCT' X-Frame-Options SAMEORIGIN Content-Type application/json Permissions-Policy geolocation=*,midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Connection keep-alive Accept-Ranges bytes Content-Length 848 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	33d7d4c21be6f7ff.worker.js ufcw401safeway.drawbridge.ca/	846 KB 847 KB	42ms 42ms	Other application/javascript	66.225.152.152 TRGO
General Check archive.org Show headers Download Go to Full URL https://ufcw401safeway.drawbridge.ca/33d7d4c21be6f7ff.worker.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 66.225.152.152 Woodbridge, Canada, ASN20161 (TRGO, CA), Reverse DNS static-66-225-152-152.ptr.terago.net Software nginx / Resource Hash 10df70847aa48f37c7a71c56e8b1c4592f6aa0d0eebfe68e4ee75b9fba4795b8 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://ufcw401safeway.drawbridge.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 22 Dec 2023 05:24:55 GMT Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Fri, 01 Dec 2023 08:57:14 GMT Server nginx ETag "65699fea-d361a" Expect-CT enforce, max-age=300, report-uri='https://infrastructuremonitordbd.azurewebsites.net/ExpectCT' X-Frame-Options SAMEORIGIN Content-Type application/javascript Permissions-Policy geolocation=*,midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Connection keep-alive Accept-Ranges bytes Content-Length 865818 X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	112.b6bc404f.js Show response ufcw401safeway.drawbridge.ca/js/	174 KB 175 KB	43ms 42ms	Script application/javascript	66.225.152.152 TRGO
General Check archive.org Show headers Download Go to Full URL https://ufcw401safeway.drawbridge.ca/js/112.b6bc404f.js Requested by Host: ufcw401safeway.drawbridge.ca URL: https://ufcw401safeway.drawbridge.ca/js/app.4093313a.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 66.225.152.152 Woodbridge, Canada, ASN20161 (TRGO, CA), Reverse DNS static-66-225-152-152.ptr.terago.net Software nginx / Resource Hash ad51ec869a300f9de7c09822a8eb94cfb7613ca212b4467d14f54eb777c78e68 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer https://ufcw401safeway.drawbridge.ca/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 22 Dec 2023 05:24:55 GMT Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com; X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Fri, 01 Dec 2023 08:57:14 GMT Server nginx ETag "65699fea-2b8d6" Expect-CT enforce, max-age=300, report-uri='https://infrastructuremonitordbd.azurewebsites.net/ExpectCT' X-Frame-Options SAMEORIGIN Content-Type application/javascript Permissions-Policy geolocation=*,midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Connection keep-alive Accept-Ranges bytes Content-Length 178390 X-XSS-Protection 1; mode=block
GET		ufcw401safeway.drawbridge.ca mapi.drawbridge.ca/portal-settings/	0 0
GET		authenticate mapi.drawbridge.ca/auth/api/	0 0
OPTIONS H/1.1	204 No Content	authenticate mapi.drawbridge.ca/auth/api/	0 0	116ms 41ms	Preflight	66.225.152.152 TRGO
General Check archive.org Show headers Download Go to Full URL https://mapi.drawbridge.ca/auth/api/authenticate?lang= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 66.225.152.152 Woodbridge, Canada, ASN20161 (TRGO, CA), Reverse DNS static-66-225-152-152.ptr.terago.net Software nginx / ASP.NET Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' live.sf.pbasconnect.com cdnjs.cloudflare.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept */* Access-Control-Request-Headers access-control-allow-credentials,authorization Access-Control-Request-Method GET Origin https://ufcw401safeway.drawbridge.ca Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Connection keep-alive Content-Security-Policy default-src 'self' 'unsafe-inline' live.sf.pbasconnect.com cdnjs.cloudflare.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com; Date Fri, 22 Dec 2023 05:24:56 GMT Expect-CT enforce, max-age=300, report-uri='https://infrastructuremonitordbd.azurewebsites.net/ExpectCT' Permissions-Policy geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Server nginx Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Powered-By ASP.NET X-XSS-Protection 1; mode=block
GET		openid-configuration mapi.drawbridge.ca/auth/.well-known/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

mapi.drawbridge.ca

URL

https://mapi.drawbridge.ca/portal-settings/ufcw401safeway.drawbridge.ca

Domain

mapi.drawbridge.ca

URL

https://mapi.drawbridge.ca/auth/api/authenticate?lang=

Domain

mapi.drawbridge.ca

URL

https://mapi.drawbridge.ca/auth/.well-known/openid-configuration

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| webpackChunkweb_members_portal_vuejs object| recaptcha function| ChoiceField function| ListBox function| ComboBox function| EditBox function| Button function| PushButton function| RadioButton function| CheckBox function| TextField function| PasswordField object| AcroForm function| _jzlib_Deflater function| Deflater function| RGBColor function| PNG function| printJS object| regeneratorRuntime boolean| _pdfjsCompatibilityChecked function| CanadianBankAccount function| setImmediate function| clearImmediate object| vgaMapState function| initVGAMaps object| $cookies

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://ufcw401safeway.drawbridge.ca/ Message: Access to XMLHttpRequest at 'https://mapi.drawbridge.ca/portal-settings/ufcw401safeway.drawbridge.ca' from origin 'https://ufcw401safeway.drawbridge.ca' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://mapi.drawbridge.ca/portal-settings/ufcw401safeway.drawbridge.ca Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://ufcw401safeway.drawbridge.ca/ Message: Access to XMLHttpRequest at 'https://mapi.drawbridge.ca/auth/api/authenticate?lang=' from origin 'https://ufcw401safeway.drawbridge.ca' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://mapi.drawbridge.ca/auth/api/authenticate?lang= Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://ufcw401safeway.drawbridge.ca/ Message: Access to XMLHttpRequest at 'https://mapi.drawbridge.ca/auth/.well-known/openid-configuration' from origin 'https://ufcw401safeway.drawbridge.ca' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://mapi.drawbridge.ca/auth/.well-known/openid-configuration Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ccwipp.pbasconnect.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com contactus.pbasconnect.com mapi.drawbridge.ca mapi.pbasconnect.com maps.googleapis.com midentity.pbasconnect.com mavraidistest.blob.core.windows.net live.sf.pbasconnect.com ws1.postescanada-canadapost.ca api.payments.ca maps.gstatic.com api.pwnedpasswords.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
mapi.drawbridge.ca
ufcw401safeway.drawbridge.ca
www.google.com
www.gstatic.com
mapi.drawbridge.ca
142.251.16.94
172.253.122.105
172.253.122.95
66.225.152.152
10df70847aa48f37c7a71c56e8b1c4592f6aa0d0eebfe68e4ee75b9fba4795b8
18a15a00adb0f13efda64e8e3714e8c939ef7123cc06525acd6aa09fb368c1d7
1dd49041bff19fc46e84d107f863e558064f15aeac50fd53a8b0635c1a4f183d
223b53b6b8df888976aaf9406326eb287ffd31e855081de6284fd5bec7d62711
6da9ec975355a0a709a62d1a1bcd9c421ac0672f6bb3a3c0e9ea1577a6a862a7
8fc445a4a6d5665340b424c071c05562fe2a87dc12d27b671ba2a24463bf2212
aa5b8a01c5eb17a88de4fee516ed3903f1e207c5da28ad7390983e12dc480646
aab755296c44d7b3403cab6b5e9c5112e3455d781f710f592dacd9b5694ace71
ad51ec869a300f9de7c09822a8eb94cfb7613ca212b4467d14f54eb777c78e68
b30e6a6b42cf941a8ea1392b9cc184985ec92fb2cb9f4ec4acf67d7431aafba9
b57d1a88d80ba643d2ebf3b967a67050e087431061c55aa378262c034cb91a59
bedf078889dc30ee783d6a45f6905735d04244dbed4f402499577985332bcda2
daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24
dc08d5d2c3078d1dd1213d82e421014f95385ebcd1c742b719bd9dd23d05b685