Submitted URL: https://payplanplus.eu/
Effective URL: https://www.payplanplus.com/
Submission: On September 12 via manual from JP — Scanned from JP

Summary

This website contacted 14 IPs in 5 countries across 14 domains to perform 42 HTTP transactions. The main IP is 18.134.219.210, located in London, United Kingdom and belongs to AMAZON-02, US. The main domain is www.payplanplus.com.
TLS certificate: Issued by Amazon on April 27th 2022. Valid for: a year.
This is the only time www.payplanplus.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
14 payplanplus.com
www.payplanplus.com
323 KB
5 gstatic.com
fonts.gstatic.com
www.gstatic.com
199 KB
4 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 871
script.hotjar.com — Cisco Umbrella Rank: 1152
vars.hotjar.com — Cisco Umbrella Rank: 1247
71 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 94
20 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 111
599 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 208
34 KB
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 188
517 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 141
148 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 19
970 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 120
1000 B
1 payplanplus.eu
payplanplus.eu
100 B
0 google.co.jp Failed
www.google.co.jp Failed
0 googleoptimize.com Failed
www.googleoptimize.com Failed
0 cookiebot.com Failed
consent.cookiebot.com Failed
42 14
Domain Requested by
14 www.payplanplus.com www.payplanplus.com
4 www.google-analytics.com www.payplanplus.com
www.google-analytics.com
www.googletagmanager.com
3 www.gstatic.com www.google.com
www.payplanplus.com
www.gstatic.com
2 www.facebook.com www.payplanplus.com
2 connect.facebook.net www.payplanplus.com
connect.facebook.net
2 stats.g.doubleclick.net www.google-analytics.com
2 static.hotjar.com www.payplanplus.com
www.googletagmanager.com
2 www.googletagmanager.com www.payplanplus.com
www.googletagmanager.com
2 fonts.gstatic.com fonts.googleapis.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 www.google.com www.payplanplus.com
1 fonts.googleapis.com www.payplanplus.com
1 payplanplus.eu 1 redirects
0 www.google.co.jp Failed www.payplanplus.com
0 www.googleoptimize.com Failed www.googletagmanager.com
0 consent.cookiebot.com Failed www.googletagmanager.com
42 17

This site contains links to these domains. Also see Links.

Domain
itunes.apple.com
play.google.com
Subject Issuer Validity Valid
payplanplus.com
Amazon
2022-04-27 -
2023-05-26
a year crt.sh
upload.video.google.com
GTS CA 1C3
2022-08-22 -
2022-11-14
3 months crt.sh
www.google.com
GTS CA 1C3
2022-08-22 -
2022-11-14
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-08-22 -
2022-11-14
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2022-08-22 -
2022-11-14
3 months crt.sh
*.hotjar.com
Amazon
2021-11-25 -
2022-12-23
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-08-22 -
2022-11-14
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2022-06-21 -
2022-09-19
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.payplanplus.com/
Frame ID: E5CB030097DDAF69840DBFA2478B8661
Requests: 42 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
Frame ID: AB1E6E7F5B21E9B63A10196ADBD86315
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

PayPlan Plus

Page URL History Show full URLs

  1. https://payplanplus.eu/ HTTP 301
    https://www.payplanplus.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

42
Requests

88 %
HTTPS

64 %
IPv6

14
Domains

17
Subdomains

14
IPs

5
Countries

798 kB
Transfer

2358 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://payplanplus.eu/ HTTP 301
    https://www.payplanplus.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38
  • https://www.googleadservices.com/pagead/conversion/847143987/wcm?cc=ZZ&dn=08002802816&cl=vpEACJbz5nIQs8j5kwM&ct_eid=2 HTTP 0
  • https://www.google.co.jp/pagead/attribution/wcm?cc=ZZ&dn=08002802816&cl=vpEACJbz5nIQs8j5kwM

42 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.payplanplus.com/
Redirect Chain
  • https://payplanplus.eu/
  • https://www.payplanplus.com/
14 KB
6 KB
Document
General
Full URL
https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
e21ebe425a2c1a132d86871bf92b8585c90903fae770d2465a84969b654cb44a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
jp-JP,jp;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
4562
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
content-type
text/html; charset=iso-8859-1
date
Mon, 12 Sep 2022 09:21:21 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
feature-policy
autoplay 'none'; camera 'none'
pragma
no-cache
referrer-policy
same-origin
server
Apache
strict-transport-security
max-age=63072000; includeSubdomains;
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block 1; mode=block

Redirect headers

content-length
236
content-type
text/html; charset=iso-8859-1
date
Mon, 12 Sep 2022 09:21:20 GMT
location
https://www.payplanplus.com/
server
Apache
style.css
www.payplanplus.com/_styles/
679 KB
97 KB
Stylesheet
General
Full URL
https://www.payplanplus.com/_styles/style.css
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
39a7a1d7d6e922fc430d45822287c3435c9c0bddf3e0a91bd04e9b067541c681
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=63072000; includeSubdomains;
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:53 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Wed, 12 Oct 2022 09:21:21 GMT
ppp-icon-font.css
www.payplanplus.com/_styles/additional/
28 KB
9 KB
Stylesheet
General
Full URL
https://www.payplanplus.com/_styles/additional/ppp-icon-font.css
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
8521d5c5a8f00271edcf6f228dc77f81df307f39d004e8c192fc753f49c587b1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
vary
Accept-Encoding
content-length
7492
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:53 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
text/css
cache-control
max-age=2592000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Wed, 12 Oct 2022 09:21:21 GMT
jquery.smartbanner.css
www.payplanplus.com/_styles/vendor/
12 KB
6 KB
Stylesheet
General
Full URL
https://www.payplanplus.com/_styles/vendor/jquery.smartbanner.css
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
ee080afa2fced4df73107fe742f0d2fdd667861998dea78ec489d47187e1e71d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
vary
Accept-Encoding
content-length
4307
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:53 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
text/css
cache-control
max-age=2592000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Wed, 12 Oct 2022 09:21:21 GMT
css
fonts.googleapis.com/
5 KB
1000 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=PT+Sans:400,700,400italic,700italic
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:811::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f6726d9b0d49c791700c7a4d5b0af43c5b0b2c75ee0547a145d980fa053b2134
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
date
Mon, 12 Sep 2022 09:21:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 12 Sep 2022 09:21:21 GMT
login.css
www.payplanplus.com/_styles/additional/
6 KB
5 KB
Stylesheet
General
Full URL
https://www.payplanplus.com/_styles/additional/login.css
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
ec08360c2788eac43553d4484d5ada46c37b5413d53c9101bdb3b17b77ea9379
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
vary
Accept-Encoding
content-length
2776
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:53 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
text/css
cache-control
max-age=2592000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Wed, 12 Oct 2022 09:21:21 GMT
jquery.min.js
www.payplanplus.com/_scripts/vendor/
87 KB
32 KB
Script
General
Full URL
https://www.payplanplus.com/_scripts/vendor/jquery.min.js
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
10b43604f77665c34368552d30d7e8758badb803dab29a1faf02912914db3c4f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
vary
Accept-Encoding
content-length
30947
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:52 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
application/javascript
cache-control
max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Tue, 12 Sep 2023 09:21:21 GMT
bootstrap.min.js
www.payplanplus.com/_scripts/vendor/
35 KB
11 KB
Script
General
Full URL
https://www.payplanplus.com/_scripts/vendor/bootstrap.min.js
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
2e23f9b66cfab88406f7fd29989cbf9e2646972a6dd44f9510897c7e1ccedd23
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
vary
Accept-Encoding
content-length
9559
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:52 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
application/javascript
cache-control
max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Tue, 12 Sep 2023 09:21:21 GMT
modernizr-custom.js
www.payplanplus.com/_scripts/
3 KB
3 KB
Script
General
Full URL
https://www.payplanplus.com/_scripts/modernizr-custom.js
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
e95dcbc9d486252878397cb1ef7eaba624e63be9eb71b7096d65ecc8fd721b49
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
vary
Accept-Encoding
content-length
1119
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:52 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
application/javascript
cache-control
max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Tue, 12 Sep 2023 09:21:22 GMT
Download_on_the_App_Store_Badge_US-UK_135x40.svg
www.payplanplus.com//_images/svg/
12 KB
14 KB
Image
General
Full URL
https://www.payplanplus.com//_images/svg/Download_on_the_App_Store_Badge_US-UK_135x40.svg
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
4cfabcfdbec9a5cd903190f150028743f38c3533b53ea21c6e4dd35a52a80383
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
content-length
12224
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:43 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"2fc0-5ded6d9e5ec48"
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
image/svg+xml
cache-control
max-age=2592000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Wed, 12 Oct 2022 09:21:22 GMT
google-play-badge.png
www.payplanplus.com//_images/
14 KB
16 KB
Image
General
Full URL
https://www.payplanplus.com//_images/google-play-badge.png
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
154a049ad48569469224427f4d4cdab76324085720c480f99a716cd8bf9dca16
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
content-length
14830
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:37 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
image/png
cache-control
max-age=2592000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Wed, 12 Oct 2022 09:21:22 GMT
api.js
www.google.com/recaptcha/
850 B
970 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:81f::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
62873763c68dae3a2e2d5426b0bea772aa615eab4b31e48f8d35709dd49e84b8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
557
x-xss-protection
1; mode=block
expires
Mon, 12 Sep 2022 09:21:22 GMT
print.css
www.payplanplus.com/_styles/
8 KB
6 KB
Stylesheet
General
Full URL
https://www.payplanplus.com/_styles/print.css
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
308414913ea38304cd08c33fc5c7045e0153aba0f2a3d1b28eaede35c0bf72bb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
vary
Accept-Encoding
content-length
3850
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:53 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
text/css
cache-control
max-age=2592000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Wed, 12 Oct 2022 09:21:22 GMT
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e5c0ac15584dda19135687d22525ddde888491bfc8bc2f2fa993931bd3bdb2e

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml;charset=utf-8
PPP%20Log%20in%20page%20image.jpg
www.payplanplus.com/_images/
86 KB
88 KB
Image
General
Full URL
https://www.payplanplus.com/_images/PPP%20Log%20in%20page%20image.jpg?1631025425
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/_styles/additional/login.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
dd9101792505b31a0260d93d4606776720d75fb03e78e1608b1035644b4acdd2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.payplanplus.com/_styles/additional/login.css
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
content-length
88412
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:33 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
image/jpeg
cache-control
max-age=2592000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Wed, 12 Oct 2022 09:21:22 GMT
jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v17/
11 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExcOPIDU.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700,400italic,700italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1ce74486e1edf5e3a7f3d0235aff5fd17b7fa0c7832648ab170a516bb1b804a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.payplanplus.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 07 Sep 2022 19:28:06 GMT
x-content-type-options
nosniff
age
395596
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11340
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 07 Sep 2023 19:28:06 GMT
payplanplus.woff
www.payplanplus.com/fonts/
21 KB
22 KB
Font
General
Full URL
https://www.payplanplus.com/fonts/payplanplus.woff?v=1.0.0
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/_styles/additional/ppp-icon-font.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
4b918dc34049e1945943597610ba2a66719161cd6ddd44fc6f86477cf7a68eec
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://www.payplanplus.com/_styles/additional/ppp-icon-font.css
Origin
https://www.payplanplus.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
content-length
21064
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:01:07 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"5248-5ded6db4e88b0"
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
application/font-woff
cache-control
max-age=2592000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Wed, 12 Oct 2022 09:21:22 GMT
jizfRExUiTo99u79B_mh0O6tLR8a8zI.woff2
fonts.gstatic.com/s/ptsans/v17/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLR8a8zI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700,400italic,700italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6e8aec7ccc3eb5c11b1b26ddb6d10bffafd6c57f9841e8c8d2a7a869ff696d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.payplanplus.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 07 Sep 2022 19:30:00 GMT
x-content-type-options
nosniff
age
395482
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11540
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:03:05 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 07 Sep 2023 19:30:00 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/
387 KB
154 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52995c7482cb8361e6abfee05a9ec892a3d85679cdcf995e7f2fe711c6ba0150
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://www.payplanplus.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 06 Sep 2022 17:40:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
488464
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
157166
x-xss-protection
0
last-modified
Tue, 06 Sep 2022 00:04:24 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 06 Sep 2023 17:40:18 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:811::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
6134
date
Mon, 12 Sep 2022 07:39:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 12 Sep 2022 09:39:08 GMT
gtm.js
www.googletagmanager.com/
210 KB
75 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-K6DVHR
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:821::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
704d82f84ea2a286fd1b50967b65f0b51f96eaec1c8cc55dc656cfdb3cd5f582
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
76181
x-xss-protection
0
last-modified
Mon, 12 Sep 2022 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 12 Sep 2022 09:21:22 GMT
hotjar-427396.js
static.hotjar.com/c/
4 KB
3 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-427396.js?sv=5
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.173.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-173-29.nrt57.r.cloudfront.net
Software
/
Resource Hash
c3351980d27ebcb5b88cb4df55388f27a6c5a361e68505d104862abb6f3c94cd
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:17 GMT
content-encoding
br
x-content-type-options
nosniff
age
5
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=604800; includeSubDomains
access-control-allow-origin
*
x-cache-hit
1
etag
W/6bfcf95775b09aac85cbba761a047cda
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 3253dc56b233308f5dacddef0638c66c.cloudfront.net (CloudFront)
cache-control
max-age=60
x-amz-cf-pop
NRT57-C4
x-amz-cf-id
LZGbAyN_NP7zOZzbuPalXWv5zWnzoY1osqRH6zujHUe1RY26UxYfTw==
production.min.js
www.payplanplus.com/_scripts/
19 KB
7 KB
XHR
General
Full URL
https://www.payplanplus.com/_scripts/production.min.js?_=1662974482443
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/_scripts/vendor/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.219.210 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-219-210.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
f72c491cfd121b7f6812593d8dda6e39a46e5af3161b157b83e0971a95dbbe22
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.payplanplus.com/
X-Requested-With
XMLHttpRequest
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
vary
Accept-Encoding
content-length
5225
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
same-origin
last-modified
Thu, 12 May 2022 21:00:52 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
application/javascript
cache-control
max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
accept-ranges
bytes
expires
Tue, 12 Sep 2023 09:21:22 GMT
modules.448392d04fd1e15c100a.js
script.hotjar.com/
251 KB
65 KB
Script
General
Full URL
https://script.hotjar.com/modules.448392d04fd1e15c100a.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-427396.js?sv=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.174.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-174-94.nrt57.r.cloudfront.net
Software
/
Resource Hash
f71d619eeb07bc673c2492806d833f46a861d4ca81e84acb4553898fd4e3f0d2
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 07 Sep 2022 10:58:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
426194
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=604800; includeSubDomains
content-length
65486
access-control-allow-origin
*
last-modified
Wed, 07 Sep 2022 10:57:54 GMT
etag
"dda0289b22368ab84a40f8dab68ddb9e"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 13f9acb9132808e8bc1d9cdb66665fd2.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
NRT57-C2
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
UJ2YgkY9dbItqqcP01QtOBDsOu5HeL9ITWOtNB_QnF5HYk30RLFhfw==
collect
www.google-analytics.com/j/
4 B
212 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1404987032&t=pageview&_s=1&dl=https%3A%2F%2Fwww.payplanplus.com%2F&ul=en-us&de=windows-1252&dt=PayPlan%20Plus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=801964822&gjid=978118796&cid=1689039437.1662974483&tid=UA-24148602-1&_gid=2067532079.1662974483&_r=1&_slc=1&z=1285483515
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:811::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 12 Sep 2022 09:21:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.payplanplus.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
box-69edcc3187336f9b0a3fbb4c73be9fe6.html
vars.hotjar.com/ Frame AB1E
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-427396.js?sv=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.174.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-174-110.nrt57.r.cloudfront.net
Software
/
Resource Hash
867b23a408fa99143955de5665345cda886857174c328d2828e5dcd33bd98cd1
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ranges
bytes
age
432254
cache-control
max-age=31536000
content-encoding
br
content-length
1044
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 07 Sep 2022 09:17:08 GMT
etag
"f6a9ca04b0687ea3c0d98e8430c8c77b"
last-modified
Wed, 07 Sep 2022 09:16:57 GMT
strict-transport-security
max-age=604800; includeSubDomains
vary
Accept-Encoding
via
1.1 646b6f21a2659c68f7a3822d035b97d2.cloudfront.net (CloudFront)
x-amz-cf-id
Cc9vPlOT-ZhWc-f14KwDoY7ISBkfOhkPu5BIK22lgh616z-FMQ3CwA==
x-amz-cf-pop
NRT57-C2
x-cache
Hit from cloudfront
x-robots-tag
none
collect
stats.g.doubleclick.net/j/
1 B
442 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-24148602-1&cid=1689039437.1662974483&jid=801964822&gjid=978118796&_gid=2067532079.1662974483&_u=IEBAAEAAAAAAAC~&z=305705999
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4008:c07::9c Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 12 Sep 2022 09:21:22 GMT
content-type
text/plain
access-control-allow-origin
https://www.payplanplus.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
209 KB
73 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-608FW4L47X&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DVHR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:821::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
05f720cd70b8a8b55b8326b101ad5e57b85aa6ad0bad4890e8cabfed6ed6f83c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
74746
x-xss-protection
0
expires
Mon, 12 Sep 2022 09:21:22 GMT
uc.js
consent.cookiebot.com/
0
0

hotjar-2599337.js
static.hotjar.com/c/
5 KB
3 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2599337.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DVHR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.173.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-173-29.nrt57.r.cloudfront.net
Software
/
Resource Hash
bbb863c50b2d006cbd8a1b650e5a8e710334a782be22f5cc3198de89e1688628
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:17 GMT
content-encoding
br
x-content-type-options
nosniff
age
5
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=604800; includeSubDomains
access-control-allow-origin
*
x-cache-hit
1
etag
W/f2ad5ce928d1c77228c5663bde2723c2
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 3253dc56b233308f5dacddef0638c66c.cloudfront.net (CloudFront)
cache-control
max-age=60
x-amz-cf-pop
NRT57-C4
x-amz-cf-id
TzWYJJ43ZkO_bKWg4uEol23tS2aKklUHAAsy6IIYATYRBEMMN8d3ZA==
fbevents.js
connect.facebook.net/en_US/
100 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26737
x-xss-protection
0
pragma
public
x-fb-debug
GF4NXOcxf8/p3+9RRh01SfcXRPIy0/Um/HXGN/2tDI+uNpcb8uDOLFSkcCYExBAVWoYh4ZFZZCUxiCkRvec/DA==
x-fb-trip-id
382461245
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Mon, 12 Sep 2022 09:21:22 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
loader.js
www.gstatic.com/wcm/
3 KB
1 KB
Script
General
Full URL
https://www.gstatic.com/wcm/loader.js
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9f959aaad80347edc26ed8279c6a68c098efc76876ac2e2f8ccc54b118f197f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 08:26:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
3312
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
last-modified
Mon, 15 Mar 2021 16:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Mon, 12 Sep 2022 09:26:10 GMT
optimize.js
www.googleoptimize.com/
0
0

collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1404987032&t=pageview&_s=1&dl=https%3A%2F%2Fwww.payplanplus.com%2F&ul=en-us&de=windows-1252&dt=PayPlan%20Plus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=2008593098&gjid=631777013&cid=1689039437.1662974483&tid=UA-3628021-2&_gid=2067532079.1662974483&_r=1&gtm=2wg970K6DVHR&z=112595310
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:811::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 12 Sep 2022 09:21:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.payplanplus.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
1988935728062678
connect.facebook.net/signals/config/
24 KB
7 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1988935728062678?v=2.9.79&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
bb7b3e359fd44171bc59166c5addf14d81c289f80e215f6714d5b14826b97b17
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
6715
x-xss-protection
0
pragma
public
x-fb-debug
8Xz7pGoMaM0ZbUMNGlkep+MQJ2f7hgL4I6jA9Cm+0DtIsTj5Z5CDUuNTmjbRHeNB0QH3E2OMcg2yqm+184T79Q==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Mon, 12 Sep 2022 09:21:22 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
398 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1988935728062678&ev=PageView&dl=https%3A%2F%2Fwww.payplanplus.com%2F&rl=&if=false&ts=1662974482688&sw=1600&sh=1200&v=2.9.79&r=stable&ec=0&o=28&fbp=fb.1.1662974482687.1444521682&it=1662974482673&coo=false&rqm=GET
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Mon, 12 Sep 2022 09:21:22 GMT
/
www.facebook.com/tr/
44 B
201 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1988935728062678&ev=Lead&dl=https%3A%2F%2Fwww.payplanplus.com%2F&rl=&if=false&ts=1662974482689&sw=1600&sh=1200&v=2.9.79&r=stable&ec=1&o=28&fbp=fb.1.1662974482687.1444521682&it=1662974482673&coo=false&rqm=GET
Requested by
Host: www.payplanplus.com
URL: https://www.payplanplus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 12 Sep 2022 09:21:22 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Mon, 12 Sep 2022 09:21:22 GMT
call-tracking_7.js
www.gstatic.com/call-tracking/
54 KB
21 KB
Script
General
Full URL
https://www.gstatic.com/call-tracking/call-tracking_7.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff2fde453aa6220144126828a284d4cc227479f1fe83beef3a6b6a4504c7e4df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 06 Sep 2022 13:10:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
504634
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21020
x-xss-protection
0
last-modified
Wed, 03 Feb 2021 22:45:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-telephony"
vary
Accept-Encoding
report-to
{"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 06 Sep 2023 13:10:48 GMT
collect
stats.g.doubleclick.net/j/
7 B
75 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3628021-2&cid=1689039437.1662974483&jid=2008593098&gjid=631777013&_gid=2067532079.1662974483&_u=aEDAAEABAAAAAC~&z=638690536
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4008:c07::9c Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2bd7a2c113455cb6a015b33188207c2f7f5b5e7c584ce1ea4f8b0a1e990da133
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 12 Sep 2022 09:21:22 GMT
content-type
text/plain
access-control-allow-origin
https://www.payplanplus.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7
expires
Fri, 01 Jan 1990 00:00:00 GMT
wcm
www.google.co.jp/pagead/attribution/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/847143987/wcm?cc=ZZ&dn=08002802816&cl=vpEACJbz5nIQs8j5kwM&ct_eid=2
  • https://www.google.co.jp/pagead/attribution/wcm?cc=ZZ&dn=08002802816&cl=vpEACJbz5nIQs8j5kwM
0
0

ga-audiences
www.google.com/ads/
0
0

ga-audiences
www.google.co.jp/ads/
0
0

collect
www.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-608FW4L47X&gtm=2oe970&_p=1404987032&cid=1689039437.1662974483&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1662974482&sct=1&seg=0&dl=https%3A%2F%2Fwww.payplanplus.com%2F&dt=PayPlan%20Plus&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-608FW4L47X&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:811::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
no-cache
date
Mon, 12 Sep 2022 09:21:22 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.payplanplus.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
consent.cookiebot.com
URL
https://consent.cookiebot.com/uc.js?cbid=1719f2cb-1b64-4109-9b16-ddfd42831cd9
Domain
www.googleoptimize.com
URL
https://www.googleoptimize.com/optimize.js?id=GTM-5FJ9ZQF
Domain
www.google.co.jp
URL
https://www.google.co.jp/pagead/attribution/wcm?cc=ZZ&dn=08002802816&cl=vpEACJbz5nIQs8j5kwM
Domain
www.google.com
URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3628021-2&cid=1689039437.1662974483&jid=2008593098&_u=aEDAAEABAAAAAC~&z=255840281
Domain
www.google.co.jp
URL
https://www.google.co.jp/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3628021-2&cid=1689039437.1662974483&jid=2008593098&_u=aEDAAEABAAAAAC~&z=255840281

Verdicts & Comments Add Verdict or Comment

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client string| GoogleAnalyticsObject function| ga object| dataLayer function| hj object| _hjSettings object| Modernizr object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| recaptcha object| google_tag_manager function| fbq function| _fbq function| _googWcmImpl string| _googWcmAk function| _googWcmGet function| _googWccDebug function| _googCallTrackingImpl function| _gaPhoneImpl object| breakpoint object| keyCodeMap string| vehicleDetailsHtmlTemplate number| vehicleIndex function| handleVehicleDetailsHtml string| otherAssetsHtmlTemplate number| assetIndex function| handleAssetDetailsHtml function| onYouTubeIframeAPIReady

12 Cookies

Domain/Path Name / Value
www.payplanplus.com/ Name: PHPSESSID
Value: bl76ho2btdq6h3pocg52pdiusb
.payplanplus.com/ Name: _gid
Value: GA1.2.2067532079.1662974483
.payplanplus.com/ Name: _gat
Value: 1
.payplanplus.com/ Name: _hjSessionUser_427396
Value: eyJpZCI6Ijc5MzI1OTZiLTFjYzktNWU3Yy05ZWQ1LTdjNmIzZmUyMmJiMCIsImNyZWF0ZWQiOjE2NjI5NzQ0ODI1NTEsImV4aXN0aW5nIjpmYWxzZX0=
.payplanplus.com/ Name: _hjFirstSeen
Value: 1
www.payplanplus.com/ Name: _hjIncludedInSessionSample
Value: 0
.payplanplus.com/ Name: _hjSession_427396
Value: eyJpZCI6ImUyYTgzNGViLWYzNzAtNDI4ZC04ZmE0LWQ1NDhkZjdmYjIxYyIsImNyZWF0ZWQiOjE2NjI5NzQ0ODI2MDUsImluU2FtcGxlIjpmYWxzZX0=
.payplanplus.com/ Name: _hjAbsoluteSessionInProgress
Value: 0
.payplanplus.com/ Name: _gat_UA-3628021-2
Value: 1
.payplanplus.com/ Name: _fbp
Value: fb.1.1662974482687.1444521682
.payplanplus.com/ Name: _ga_608FW4L47X
Value: GS1.1.1662974482.1.0.1662974482.0.0.0
.payplanplus.com/ Name: _ga
Value: GA1.1.1689039437.1662974483

5 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DVHR(Line 46)
Message:
Refused to load the script 'https://consent.cookiebot.com/uc.js?cbid=1719f2cb-1b64-4109-9b16-ddfd42831cd9' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DVHR(Line 454)
Message:
Refused to load the script 'https://www.googleoptimize.com/optimize.js?id=GTM-5FJ9ZQF' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.payplanplus.com/
Message:
Refused to load the image 'https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3628021-2&cid=1689039437.1662974483&jid=2008593098&_u=aEDAAEABAAAAAC~&z=255840281' because it violates the following Content Security Policy directive: "img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com".
security error URL: https://www.payplanplus.com/
Message:
Refused to load the image 'https://www.google.co.jp/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3628021-2&cid=1689039437.1662974483&jid=2008593098&_u=aEDAAEABAAAAAC~&z=255840281' because it violates the following Content Security Policy directive: "img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com".
security error URL: https://www.payplanplus.com/
Message:
Refused to connect to 'https://www.google.co.jp/pagead/attribution/wcm?cc=ZZ&dn=08002802816&cl=vpEACJbz5nIQs8j5kwM' because it violates the following Content Security Policy directive: "connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://*.securetrading.net/ https://www.google.co.uk https://*.facebook.net http://*.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://browser-update.org https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://www.payplan.com/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://www.facebook.com www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google.co.uk http://www.google.co.uk https://www.googleadservices.com https://www.googletagmanager.com https://apis.google.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com; frame-ancestors 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' https://payments.securetrading.net/process/payments/choice https://www.trustpilot.co.uk/evaluate/www.payplan.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
consent.cookiebot.com
fonts.googleapis.com
fonts.gstatic.com
payplanplus.eu
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
www.facebook.com
www.google-analytics.com
www.google.co.jp
www.google.com
www.googleoptimize.com
www.googletagmanager.com
www.gstatic.com
www.payplanplus.com
consent.cookiebot.com
www.google.co.jp
www.google.com
www.googleoptimize.com
13.225.173.29
13.33.174.110
13.33.174.94
18.134.219.210
18.169.22.98
2404:6800:4004:811::200a
2404:6800:4004:811::200e
2404:6800:4004:81f::2004
2404:6800:4004:821::2008
2404:6800:4004:823::2003
2404:6800:4004:826::2003
2404:6800:4008:c07::9c
2a03:2880:f00f:8:face:b00c:0:1
2a03:2880:f10f:83:face:b00c:0:25de
05f720cd70b8a8b55b8326b101ad5e57b85aa6ad0bad4890e8cabfed6ed6f83c
10b43604f77665c34368552d30d7e8758badb803dab29a1faf02912914db3c4f
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
154a049ad48569469224427f4d4cdab76324085720c480f99a716cd8bf9dca16
1ce74486e1edf5e3a7f3d0235aff5fd17b7fa0c7832648ab170a516bb1b804a8
1e5c0ac15584dda19135687d22525ddde888491bfc8bc2f2fa993931bd3bdb2e
2bd7a2c113455cb6a015b33188207c2f7f5b5e7c584ce1ea4f8b0a1e990da133
2e23f9b66cfab88406f7fd29989cbf9e2646972a6dd44f9510897c7e1ccedd23
308414913ea38304cd08c33fc5c7045e0153aba0f2a3d1b28eaede35c0bf72bb
39a7a1d7d6e922fc430d45822287c3435c9c0bddf3e0a91bd04e9b067541c681
4b918dc34049e1945943597610ba2a66719161cd6ddd44fc6f86477cf7a68eec
4cfabcfdbec9a5cd903190f150028743f38c3533b53ea21c6e4dd35a52a80383
52995c7482cb8361e6abfee05a9ec892a3d85679cdcf995e7f2fe711c6ba0150
5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783
62873763c68dae3a2e2d5426b0bea772aa615eab4b31e48f8d35709dd49e84b8
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
704d82f84ea2a286fd1b50967b65f0b51f96eaec1c8cc55dc656cfdb3cd5f582
8521d5c5a8f00271edcf6f228dc77f81df307f39d004e8c192fc753f49c587b1
867b23a408fa99143955de5665345cda886857174c328d2828e5dcd33bd98cd1
9f959aaad80347edc26ed8279c6a68c098efc76876ac2e2f8ccc54b118f197f4
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a6e8aec7ccc3eb5c11b1b26ddb6d10bffafd6c57f9841e8c8d2a7a869ff696d5
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bb7b3e359fd44171bc59166c5addf14d81c289f80e215f6714d5b14826b97b17
bbb863c50b2d006cbd8a1b650e5a8e710334a782be22f5cc3198de89e1688628
c3351980d27ebcb5b88cb4df55388f27a6c5a361e68505d104862abb6f3c94cd
dd9101792505b31a0260d93d4606776720d75fb03e78e1608b1035644b4acdd2
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e21ebe425a2c1a132d86871bf92b8585c90903fae770d2465a84969b654cb44a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e95dcbc9d486252878397cb1ef7eaba624e63be9eb71b7096d65ecc8fd721b49
ec08360c2788eac43553d4484d5ada46c37b5413d53c9101bdb3b17b77ea9379
ee080afa2fced4df73107fe742f0d2fdd667861998dea78ec489d47187e1e71d
f6726d9b0d49c791700c7a4d5b0af43c5b0b2c75ee0547a145d980fa053b2134
f71d619eeb07bc673c2492806d833f46a861d4ca81e84acb4553898fd4e3f0d2
f72c491cfd121b7f6812593d8dda6e39a46e5af3161b157b83e0971a95dbbe22
ff2fde453aa6220144126828a284d4cc227479f1fe83beef3a6b6a4504c7e4df