www.gympass.com Open in urlscan Pro
2600:9000:2491:9800:18:69db:c00:93a1  Public Scan

Submitted URL: https://u3433257.ct.sendgrid.net/ls/click?upn=u001.0WhRzOhSyLif7AQIwgSoFs49FUTs9GHN-2BKMLIfOTaroaL2IYTgtjKeTQFyYWZg5quc0-2Fjh3Okt...
Effective URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20...
Submission: On December 23 via manual from BR — Scanned from DE

Summary

This website contacted 10 IPs in 2 countries across 8 domains to perform 49 HTTP transactions. The main IP is 2600:9000:2491:9800:18:69db:c00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.gympass.com. The Cisco Umbrella rank of the primary domain is 605158.
TLS certificate: Issued by Amazon RSA 2048 M03 on May 9th 2024. Valid for: a year.
This is the only time www.gympass.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.118.23 11377 (SENDGRID)
3 16 2600:9000:249... 16509 (AMAZON-02)
20 13.32.121.104 16509 (AMAZON-02)
2 142.250.186.68 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.120.195.249 396982 (GOOGLE-CL...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 107.20.210.180 14618 (AMAZON-AES)
1 99.86.8.175 16509 (AMAZON-02)
6 2600:9000:249... 16509 (AMAZON-02)
49 10
Apex Domain
Subdomains
Transfer
24 gympass.com
www.gympass.com — Cisco Umbrella Rank: 605158
snowplow-collector.gympass.com — Cisco Umbrella Rank: 514228
unleash-edge-code.gympass.com — Cisco Umbrella Rank: 491272
671 KB
20 cloudfront.net
d4ap29roc7969.cloudfront.net
972 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 3
1 KB
1 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1935
1 KB
1 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 1024
6 KB
1 sentry.io
o4504963224764416.ingest.sentry.io — Cisco Umbrella Rank: 850744
297 B
1 gstatic.com
www.gstatic.com
218 KB
1 sendgrid.net
u3433257.ct.sendgrid.net — Cisco Umbrella Rank: 868684
382 B
49 8
Domain Requested by
20 d4ap29roc7969.cloudfront.net www.gympass.com
d4ap29roc7969.cloudfront.net
16 www.gympass.com 3 redirects www.gympass.com
d4ap29roc7969.cloudfront.net
6 unleash-edge-code.gympass.com d4ap29roc7969.cloudfront.net
2 snowplow-collector.gympass.com d4ap29roc7969.cloudfront.net
2 www.google.com www.gympass.com
www.gstatic.com
1 cdn.segment.com d4ap29roc7969.cloudfront.net
1 cdn.optimizely.com d4ap29roc7969.cloudfront.net
1 o4504963224764416.ingest.sentry.io d4ap29roc7969.cloudfront.net
1 www.gstatic.com www.google.com
1 u3433257.ct.sendgrid.net 1 redirects
49 10

This site contains links to these domains. Also see Links.

Domain
wellhub.com
Subject Issuer Validity Valid
gympass.com
Amazon RSA 2048 M03
2024-05-09 -
2025-06-06
a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2024-07-30 -
2025-07-03
a year crt.sh
*.google.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
*.gstatic.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-10-03 -
2025-07-29
10 months crt.sh
cdn.optimizely.com
WE1
2024-12-19 -
2025-03-19
3 months crt.sh
*.gympass.com
Amazon RSA 2048 M02
2024-05-31 -
2025-06-29
a year crt.sh
*.segment.com
Amazon RSA 2048 M02
2024-10-15 -
2025-11-14
a year crt.sh

This page contains 2 frames:

Primary Page: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Frame ID: B1416A22DAE06B31979EDFE24F50B262
Requests: 43 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcbYHgeAAAAAKHcltm77zJ0Gi6K-4Cjbtzg0cpy&co=aHR0cHM6Ly93d3cuZ3ltcGFzcy5jb206NDQz&hl=de&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ax1iya7wtyeu
Frame ID: 19076C06EC4454C6482602123F00B952
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Wellhub: Sign Up

Page URL History Show full URLs

  1. https://u3433257.ct.sendgrid.net/ls/click?upn=u001.0WhRzOhSyLif7AQIwgSoFs49FUTs9GHN-2BKMLIfOTaroaL2IYTgtjKeTQ... HTTP 302
    https://www.gympass.com/sign-up/eligibility/?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_... HTTP 308
    https://www.gympass.com/sign-up/eligibility?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_n... HTTP 307
    https://www.gympass.com/sign-up/enter-account-email/?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&... HTTP 308
    https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&c... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Page Statistics

49
Requests

96 %
HTTPS

40 %
IPv6

8
Domains

10
Subdomains

10
IPs

2
Countries

1866 kB
Transfer

5390 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u3433257.ct.sendgrid.net/ls/click?upn=u001.0WhRzOhSyLif7AQIwgSoFs49FUTs9GHN-2BKMLIfOTaroaL2IYTgtjKeTQFyYWZg5quc0-2Fjh3OktLZOoH0RCbt0isTqoNLE8AahXFnVPlrY2irX1gs3V65ZzOrVspSfMbj0QB9w4ZcZMPQGhMBGTSmHsKCsEnCO43vv4nu-2BcLCp3XPz9ExIdm3MLHLWOZF8tQOqaYH6TOFpGeFM9p6s56XVwqdS1K23wX7S3kO1mV3fW9x76EN-2B4Put4E87RMWkVBKUp_U_r-2FcpYW2KRUAb3s1c1h7eIk1zGTW6GvdQk4a-2FY-2FJjUUw5IuzhcIQzqSezxpDvlqai6fncs7zacZ5YM5Z0QFdsSpbDIabMvtPsfVUT4Q2FRDl83w0dSzoTWIXxb6Lg-2FF7Bk4qtnbgpvOTiQo8pimDqLeAm8zwSLnlQWfUKQs9DlTP1q81unaQ7xNg70Nvqfln082S-2Bb89K7BzNBWMDX6ro-2BaHlELbB7SWBI-2FtKIOGeUIvZFbZIcyHj29zSEYSqbMXgYPh0-2BBscbvBDzp67jFOscm6nb9bgYHobQdfmZu-2BAmuRyGvYJSW62pp-2BGANFACyPLYFG5rPGcnKvT0x52TIw8wdrpRtDqmiUtx2TYoLrkeA2-2FzpZUTW21kVIExxZsbSoeg6-2FKcH0bK55nQTJbyrBnyA7dieLQaLUXFvzKW-2FQCdlOftud8FTFcb5d8JFgzWIQOJaGz6cu6bMEe-2B28kvFtc5cgsCzU-2Fiz5depXdCFmKkuqb7SNiW2zMmkFF7iGT51kgDXn-2BPpr-2Bh7ppIz73BSsZ6svBzpThM-2Bccj0mVg4Wclt60XCQ5cPmbjOtDhwE-2FQ8egKbo5U6UA1ldkvLiApU343kRiTuDxf9a0-2BuSA9RxSgu32GA-2Fs-2Fxg6sBMJBEzQE-2F-2BddvReVsv5JmcBJ4eYGqwXFDunkH6-2F3rXGVMOad0C-2BcAix8wupddrUiXHi-2FsbZ1yVGIVnBPaoJG8qYo4oHaCVqOHzlWwqmipfZE-2BY-2Bk3y0xcP5NvBTnhc07R8L06ITzQpVSGQGBsKPl1U9MNN3nSjTaMp-2Ft4z8pwnR-2Bx-2BLjPvFB8TUX2ALebR84vIw9PUrawKchjRFP4yTfpY-2BrQuRjgipqX-2FM74CG7j-2BrjqzIc2IdH34bpRkWcckdWnNs1-2FXsrAhI-2BAWaxFeuI4GEnA3LQ1U1iQ-3D-3D HTTP 302
    https://www.gympass.com/sign-up/eligibility/?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa+&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337 HTTP 308
    https://www.gympass.com/sign-up/eligibility?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337 HTTP 307
    https://www.gympass.com/sign-up/enter-account-email/?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa+&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago+Tadeu+Argento HTTP 308
    https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request enter-account-email
www.gympass.com/sign-up/
Redirect Chain
  • https://u3433257.ct.sendgrid.net/ls/click?upn=u001.0WhRzOhSyLif7AQIwgSoFs49FUTs9GHN-2BKMLIfOTaroaL2IYTgtjKeTQFyYWZg5quc0-2Fjh3OktLZOoH0RCbt0isTqoNLE8AahXFnVPlrY2irX1gs3V65ZzOrVspSfMbj0QB9w4ZcZMPQGh...
  • https://www.gympass.com/sign-up/eligibility/?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa+&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337
  • https://www.gympass.com/sign-up/eligibility?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337
  • https://www.gympass.com/sign-up/enter-account-email/?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa+&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibilit...
  • https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibili...
25 KB
8 KB
Document
General
Full URL
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Next.js
Resource Hash
2dcaaf9981f22cb254df78ea54589a2e911975cafa522ef310f323d42aa5a796

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
private, no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 23 Dec 2024 17:06:56 GMT
etag
"hiiehxha6wk2t"
vary
Accept-Encoding
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
x-amz-cf-id
pgalTb19djqfTq0RfwbxQcrIPPBMdyu3j4Iz4fHRaYdGAbMZkWvRDA==
x-amz-cf-pop
FRA56-P7
x-cache
Miss from cloudfront
x-powered-by
Next.js

Redirect headers

date
Mon, 23 Dec 2024 17:06:55 GMT
location
/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
refresh
0;url=/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
x-amz-cf-id
vanXVKEz1p0_F1LJIilVn5Aq7mwJi3KgDEIhsqTbUi2Pw5lV7qQRtw==
x-amz-cf-pop
FRA56-P7
x-cache
Miss from cloudfront
image
www.gympass.com/sign-up/_next/
29 KB
29 KB
Image
General
Full URL
https://www.gympass.com/sign-up/_next/image?url=%2Fsign-up%2F_next%2Fstatic%2Fmedia%2FSignUp-Image_2x.58e746f6.webp&w=1200&q=75
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e4e81c747dac6a465beb9f5f9cc3e9e84457bd44282f674fb4c9ea3125d01a50
Security Headers
Name Value
Content-Security-Policy script-src 'none'; frame-src 'none'; sandbox;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
x-amz-cf-id
DnW7jU3Q7bnKi1xI9uBUZ4HP-H32jzSjuDgci2aihB_5VK2mQDjrhg==
content-security-policy
script-src 'none'; frame-src 'none'; sandbox;
cache-control
public, max-age=315360000, immutable
etag
5OgcdH2sakZb659fnMPp6ERXvUQoL2dPtMnqMSXQGlA=
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
content-length
29320
x-nextjs-cache
HIT
date
Mon, 23 Dec 2024 17:06:56 GMT
content-type
image/webp
vary
Accept
content-disposition
inline; filename="SignUp-Image_2x.webp"
webpack-84839eff88a6eb21.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
83 KB
24 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/webpack-84839eff88a6eb21.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
efb3577e26800de7be1d43d138ec02d68702cb40298b45060cab54da6de2591e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"e8fd729ac79403e76860876860121bbd"
x-amz-version-id
z6v0_p5lad0N4CSMB_nKJHInKkYpsosK
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
GrIl0vwZtWFmrN6bZNXXf6yReoIZBrHtrpebXCSHSI7_A4t5FS6c0w==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:09 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
main-c48f7a40317ae598.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
378 KB
114 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/main-c48f7a40317ae598.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8522f36d68265ecf3f50f4ad40bf4fa68c569fc9902315550484848b5a246f8a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"236e24f516a70f43862efb6333df41f9"
x-amz-version-id
4LstlLdeS6ZE6GHvdzq1oOPLvs1_alYb
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
J7H0sYmQS4rE3VSNe3Xis741DOktsrIDd_3bgao3aAopdfaBxE8kVg==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:07 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
_app-bbc92cafbec97a11.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/
2 MB
594 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/_app-bbc92cafbec97a11.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bdd7113bc765429eedaaeb98daa5a64dae9101f33ddc1b825a3a5db94133f91d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"a7083150e695fa7c46915658f91bebcb"
x-amz-version-id
Vo30OGAOpT92Y7sOndQa9KTUtD2A_ioN
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
wncH7Yl4l8yTt8pEiMpG-_aNU40sukPsHUJchyKMdaee_tGaRWHDcA==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 15:50:56 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
9e2f7c2e-ad1dbc34661f47a8.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
248 KB
100 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/9e2f7c2e-ad1dbc34661f47a8.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a9210682cf55d46f24ceca6985dfa341fa67e4e599ce0363b1c51469af89a869
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"68c856f4ad5e0619ee451fda69dcb27b"
x-amz-version-id
4im5ZW.4K2ZrP1b.Io9g_n8SBml43hLJ
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
nonuV8p5sv2MFpCQyRuNTBIyWl4d4gbv6caJ7RJLkQiiMM5xMWIing==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:07 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
87c23e14-0e9df6e6a4e66d5e.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
130 B
1 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/87c23e14-0e9df6e6a4e66d5e.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
311fcc7ef2c736a24140e2c347b112aaae34598c9d4e88cbd252aca1b747dfd7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

x-amz-version-id
2mIrpW_XhDLTM7pI7q.SPiMVQjhATOxm
etag
"6aa86ee5eb96556cd4e269bef53bd449"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
lUZ2fR06TNpq19Zw-ViowhfeD1wNxMg2lAjWIHDJSQUC5mrSYlYNvA==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Thu, 19 Dec 2024 20:45:40 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
130
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
244c241b-713c38529ea8007f.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
130 B
1 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/244c241b-713c38529ea8007f.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9872896b36a87f149731a0b35d42e2566e0ea938bde3a854e01302cde3bcb78c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

x-amz-version-id
VdcGTVYfyLkt_oClQErcUmC8vOgF1C1V
etag
"5d557abc7f6904479c56fe0a5f0831e4"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
I58QI2X5BMZsjuS9eaN-ZCt15xeKwsb5LAQIWIE85Nho23ZLHM9mYg==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:06 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
130
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
59daf2dc-58b58edcaee9714c.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
130 B
1 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/59daf2dc-58b58edcaee9714c.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ac4377c8074d6ea6c71bf36511f7fe4fb7b51e18e8bdf8b5ecc25ec87786ddd5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

x-amz-version-id
KTqWO9fBfcNxyxY3rPZG8NgL0_E1kl5g
etag
"1b7259c354c82216d68b68c4e5d5110b"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
k1irvAbS9wf2kAh5hkTVKM8BfUiUiyH8tPHZtYMorBBgsifNa1nRaA==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Thu, 19 Dec 2024 20:45:40 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
130
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
9bfaba91-77fd6b01ed8a8e2d.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
130 B
1 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/9bfaba91-77fd6b01ed8a8e2d.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9e2e4f167f610e832997acd1a81aafc8e866aa642c7083a9db373538ac576419
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

x-amz-version-id
uYDhCV1B7OF8EsTkN3PilM7VdixRaxqG
etag
"06802293ee7e47f721ffddc62df604e1"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
KFfKA7fD8j3hzwJtl3gmWcAZxeGWOZKN0MXmVhos6t6MhzZmxg16-w==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:07 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
130
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
1a0727fa-f8ce613884c06f4d.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
130 B
1 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/1a0727fa-f8ce613884c06f4d.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1a9bcfd6a323750e9a6e457c00d75334cc7d4215a07c71a07e9ba653a2787b03
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

x-amz-version-id
AEsVHmdhQ.9GlSkn.irTdFXq0WTZeCIl
etag
"16fdfb568433cbb67572f639e84f9e7e"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
6St_NLlGT37r6s342pbWsfKmlqdgrruhkoXj79RabL0IEW_xaH_WXg==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:06 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
130
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
70d6c0b8-5976cd5f963ca049.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
130 B
1 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/70d6c0b8-5976cd5f963ca049.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
40c30a2b8e010656d34565cd3bb3596e18a3ae9ab731856b4d859e20851f2c8d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

x-amz-version-id
GIXPQdT7zNr8EQMeqIcMRbkDrGQuaNcR
etag
"402edb033e03933577ec4eddd7e10ca9"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
Iyqleyhypcwihgrir-RbuIfwBqAvbWhWjZu22BKq7RnnsR-GJzhxcw==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:07 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
130
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
9729-4c035f5ee2404c2d.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
148 KB
58 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/9729-4c035f5ee2404c2d.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
94e6467a5ea548fec8bc4588c94850b63b788571411e79f829e1ebf74abd4399
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"fec44dbc06284ca90ce361231b1f27db"
x-amz-version-id
ayDthPyVSCbYRI8zf0bVWWsscDFKcMFo
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
r-WIF5LuCMnIKocsSZ1e_-wkO11lETs4dWwtl-evqOSmkVvhYaUMIQ==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:07 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
7211-87423b18e9df5005.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
84 KB
30 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/7211-87423b18e9df5005.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
283bb566948cbce701064bb2ddcf64d2268cf8a354b112f8cc1375e6fc82c0b7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"5d6008af8258e0427957adbfedbfdf76"
x-amz-version-id
2tKezjJyJPwt68VRqhDmRx98Yxw.zy25
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
op9nwEuLMY4-vDUnmeaXY1UmD-1E-QCYHQDlSEddAapj0eTgGoQIQA==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 15:50:56 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
3289-cdf2d3e121baba3d.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
12 KB
4 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/3289-cdf2d3e121baba3d.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b24303c1ba1194c863a6e9641dc69b990380610e7ca5bf54db4844cf4fff0701
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"96578d540cb353d834f75be04e9f44e3"
x-amz-version-id
k4_rSVZUsZPiuAi2OxX9UfvbTDQJrDZg
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
lJPRy_T_yyN3g1f9YIiW4VPwbmDR82aszKrLAkfS063-hQB0KLlpeA==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:06 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
1357-0094529a21ae6afd.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
39 KB
12 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/1357-0094529a21ae6afd.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9a9ce5e0cdbe6690d12f1d3b1974af61e82bf9924e950a236842f40151539bc0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"4a673487dfc1cc0c2e20319ed330d17d"
x-amz-version-id
98I78zyt_QWO8z1BJF5Ig44piK8bjCDT
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
5ndo7k1fUUWYh3sRrk4msbOToo1eUSz-85DMlAizLnaZfm5ocEXMHQ==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:06 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
8149-c92f1aee52b686e2.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
62 KB
19 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/8149-c92f1aee52b686e2.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
66cb178c790701accd65f29669ad3bc8fac39e5a2e86227201ce51e087bfff83
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"5f116a9925291863e4cfe2be570ea05e"
x-amz-version-id
bluiPJMLsnp02QN20m4N9YoTUZh_5CNz
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
kRiiDmEs_DaYaH4bJPSNKPmFTAK1CReZVxLZ15wbCrkLU3VnNkwE-g==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:07 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
enter-account-email-5792c20d7943b292.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/
768 B
2 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/enter-account-email-5792c20d7943b292.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39954d4f99d2046907fefeb518f0ff3fe3ad0be00e83e8cd07530b9b5c5d6f34
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

x-amz-version-id
WELZPziZuHJZ781NZDnJ9jHDLuu2yl0S
etag
"f296d59d26f8d962d2c0043d3971b5da"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
SQNDsMdzZn5zxyciMup4G1Khtt3nkrgOefL-kVbr6u87Anj6UQurbg==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:08 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
768
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
_buildManifest.js
d4ap29roc7969.cloudfront.net/_next/static/TIfE2wOBi3ZGGipX60usS/
3 KB
2 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/TIfE2wOBi3ZGGipX60usS/_buildManifest.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c857d7c9535ef7155cd650c99a1aab40a91087e5fda7fb8e172a6f965a5c4094
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"4a5da2dca21edff16b16ae7f92538acf"
x-amz-version-id
GD3nrr._JyHtJppZOesIFiw1qtFd9BYf
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
yX4l9dRnV6x-6hc_675eXqMetArnvRmj2VZp7f9Ix9FT_2irQV7vqQ==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 15:50:55 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
_ssgManifest.js
d4ap29roc7969.cloudfront.net/_next/static/TIfE2wOBi3ZGGipX60usS/
77 B
1 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/TIfE2wOBi3ZGGipX60usS/_ssgManifest.js
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

x-amz-version-id
7GZ53fBWAbl1.dBAgKiLLimCOlH.XYT6
etag
"b6652df95db52feb4daf4eca35380933"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
TDrv7FnLjud6uqTtcOnLBUGURm88YVytaNwrFUYuDStUFHH9qVW5mQ==
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 15:50:55 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
77
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
enterprise.js
www.google.com/recaptcha/
2 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/enterprise.js?render=6LcbYHgeAAAAAKHcltm77zJ0Gi6K-4Cjbtzg0cpy&hl=de
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f4.1e100.net
Software
ESF /
Resource Hash
493b30160d2c2f0081493df4c4c36eb77b9d32b1572db23a23f6e0f662d824bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Mon, 23 Dec 2024 17:06:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Mon, 23 Dec 2024 17:06:58 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
NaN-Holo-Condensed-700.ttf
www.gympass.com/sign-up/fonts/NaNHoloCondensed/
185 KB
86 KB
Font
General
Full URL
https://www.gympass.com/sign-up/fonts/NaNHoloCondensed/NaN-Holo-Condensed-700.ttf
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b277b50f1b2c2eed2502aacb75e10aa8bd89fcbbe1469b6f33eba79e415e3c8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.gympass.com
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"2e3a8-193e4c29e20"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
PU8Acolaz-mzpb3-6W7n_nQMMyRLgMHTYSbEIifSbsip6-ENRBpLug==
date
Mon, 23 Dec 2024 17:06:56 GMT
content-type
font/ttf
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:49:40 GMT
Inter-700.ttf
www.gympass.com/sign-up/fonts/Inter/
309 KB
158 KB
Font
General
Full URL
https://www.gympass.com/sign-up/fonts/Inter/Inter-700.ttf
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
412c068eab6f36e6807d630ff89127165e8e4d3e8653434cdfb56b60cdcc3a32

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.gympass.com
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"4d4a8-193e4c29e20"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
O7x4hJvO_Y_heDHScfIm3J8ksh7t2FWT6SBbDGpXr4_sBMKurq7LeQ==
date
Mon, 23 Dec 2024 17:06:56 GMT
content-type
font/ttf
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:49:40 GMT
Inter-500.ttf
www.gympass.com/sign-up/fonts/Inter/
308 KB
157 KB
Font
General
Full URL
https://www.gympass.com/sign-up/fonts/Inter/Inter-500.ttf
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a645f55492d1c8cdace43c72be8cbec08e680b5a86d8b4c2d1c50d6e41e9cc96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.gympass.com
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"4cefc-193e4c29e20"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
SCi_3m18sOQfQ-KUORZdVMXBGTKG7sJeSKFlt5xRpCASN-KRL7Y66A==
date
Mon, 23 Dec 2024 17:06:56 GMT
content-type
font/ttf
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:49:40 GMT
Inter.ttf
www.gympass.com/sign-up/fonts/Inter/
303 KB
148 KB
Font
General
Full URL
https://www.gympass.com/sign-up/fonts/Inter/Inter.ttf
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
3127f0b873387ee37e2040135a06e9e9c05030f509eb63689529becf28b50384

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.gympass.com
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"4bbec-193e4c29e20"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
DU7Feijd2JH13PXiEKF4lhDVxfecyjLV3NLSwwSfmYeW80NyWevDBQ==
date
Mon, 23 Dec 2024 17:06:56 GMT
content-type
font/ttf
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:49:40 GMT
wellhub_logo.b5e31c5e.svg
www.gympass.com/sign-up/_next/static/media/
6 KB
3 KB
Image
General
Full URL
https://www.gympass.com/sign-up/_next/static/media/wellhub_logo.b5e31c5e.svg
Requested by
Host: www.gympass.com
URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
be874ae40e7225d8db64a1dbee882626d645680940ce0623f9a6fe1e3bab98a5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"16ac-193e4c39c08"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
-AvEx2S2Od-uKXhX-BDXTegfRp6wdR4qLwrXwCdZPNquXeGO5hcKPA==
date
Mon, 23 Dec 2024 17:06:57 GMT
content-type
image/svg+xml
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:50:45 GMT
framework.5d04449452766161.js
www.gympass.com/sign-up/_next/static/chunks/
138 KB
45 KB
Script
General
Full URL
https://www.gympass.com/sign-up/_next/static/chunks/framework.5d04449452766161.js
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/webpack-84839eff88a6eb21.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8804709a3e0b133c904d2b138ac44c723c40be1582e86a1a6d6259693c1815f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"226b4-193e4c39c08"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
H7LgxImBILObhSk2WFnFA_LaDyFvJtWQlO8zXHgqy_cJeTKsmLeOqw==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:50:45 GMT
2184.10a64c06a44789b3.js
www.gympass.com/sign-up/_next/static/chunks/
972 B
1 KB
Script
General
Full URL
https://www.gympass.com/sign-up/_next/static/chunks/2184.10a64c06a44789b3.js
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/webpack-84839eff88a6eb21.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
eb9b49f27cf4c8d24d52fd2043db6518c154ce97ec0ffbad586df52f888ad0cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
etag
W/"3cc-193e4c39c08"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
972
x-amz-cf-id
oL2yevWx9oppv3e66LY07ESYS1rpq9mnn7wZJznpAjUfqMe1CXWxFQ==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:50:45 GMT
6715.30100f6b718ab3f1.js
www.gympass.com/sign-up/_next/static/chunks/
54 KB
17 KB
Script
General
Full URL
https://www.gympass.com/sign-up/_next/static/chunks/6715.30100f6b718ab3f1.js
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/webpack-84839eff88a6eb21.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
133d9c8b84004812fc39432570e054283d392cdd166bc2cae467270f5e82082a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"d6ff-193e4c39c08"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
s_FDA6V4IV25OV-yN7c7uTypEArq_K6N87bie7QwBxTny5DVM37M_Q==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:50:45 GMT
9965.c3f7e35751d25530.js
www.gympass.com/sign-up/_next/static/chunks/
10 KB
5 KB
Script
General
Full URL
https://www.gympass.com/sign-up/_next/static/chunks/9965.c3f7e35751d25530.js
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/webpack-84839eff88a6eb21.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
052f026a69908139b7e7738d5f2e971957376491618aa7a1b26a41f4470ece4c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"2964-193e4c39c08"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
Inourz_R-t5gISFVL5HrUlq6tlLqv1cWiBUB1mEnnpWae6-4nfw1uw==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:50:45 GMT
3368.c241695af3d89c87.js
www.gympass.com/sign-up/_next/static/chunks/
127 B
495 B
Script
General
Full URL
https://www.gympass.com/sign-up/_next/static/chunks/3368.c241695af3d89c87.js
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/webpack-84839eff88a6eb21.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
89e817ce3c05fff0369ddec54bf10cdc84a5a518adaa38efef2607623cb9467a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=31536000, immutable
etag
W/"7f-193e4c39c08"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
127
x-amz-cf-id
4BxILRTP8FTP9tl_uETpEngmjp0f6huDBy1rZc-w5mExUY4uqqE7rw==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:50:45 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/
549 KB
218 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LcbYHgeAAAAAKHcltm77zJ0Gi6K-4Cjbtzg0cpy&hl=de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8694091227f6f34a6acb8dda867cab6f129cb19ee794a75ebd434793d4066e5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.gympass.com
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
age
552055
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 07:46:03 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 17 Dec 2024 07:46:03 GMT
last-modified
Tue, 10 Dec 2024 23:05:10 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
222469
x-xss-protection
0
server
sffe
4953.87c0fb2b0eb6f378.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
5 KB
3 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/4953.87c0fb2b0eb6f378.js
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/webpack-84839eff88a6eb21.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b693e1d5c7ac8af80482b3165a402be641c2a0bb7f3ecd5c1ac3a6d70cd467aa
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"d9d37f7076bfda4daa6ef01990ab0137"
x-amz-version-id
cbG0A.KmQxxoppX2Cg.eZFtx.nS.nsYa
age
38
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
lO_06eC3JM7IQG6qSv_Cg3PLMKVHjPAFU2cc2nt4vm2hmSBW1fXmLg==
date
Mon, 23 Dec 2024 17:06:58 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:06 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
/
o4504963224764416.ingest.sentry.io/api/4505103042805760/envelope/
2 B
297 B
Fetch
General
Full URL
https://o4504963224764416.ingest.sentry.io/api/4505103042805760/envelope/?sentry_key=06994672747542d0b18067add91dbb7f&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.113.0
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/_app-bbc92cafbec97a11.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.gympass.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Dec 2024 17:06:59 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
FUV4mdGUpp8SVpshiAz8W.json
cdn.optimizely.com/datafiles/
33 KB
6 KB
XHR
General
Full URL
https://cdn.optimizely.com/datafiles/FUV4mdGUpp8SVpshiAz8W.json
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/_app-bbc92cafbec97a11.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0de99da8023f7964819e45c102163a94145b1dc6a031fd0615f7fc6b4ffb853a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

access-control-max-age
604800
content-encoding
gzip
cf-cache-status
HIT
etag
"3ade3927b4b47fb0be6a557da56259e4"
x-amz-version-id
yonO9Gb.LphaQQTeIWudLovw9ShowxvB
age
10
access-control-allow-methods
GET, HEAD, OPTIONS
date
Mon, 23 Dec 2024 17:06:59 GMT
x-amz-meta-revision
522
content-type
application/json; charset=utf-8
last-modified
Wed, 11 Dec 2024 17:45:20 GMT
vary
Accept-Encoding
x-amz-id-2
zrPxi03TIa8fbp6wjqYDGIHJmIugypZZEjYAMsDvn+277yZYI4uDMMljzKATRsFTdvYxE6E1+DxIuiMwQQ6r7Q5dEYOsNXUsTt8hkUfkKqI=
access-control-allow-headers
*
x-amz-replication-status
PENDING
cache-control
max-age=120
x-amz-meta-pci_enabled
False
access-control-allow-credentials
false
x-amz-request-id
9XC7BZ5VA6E82PWS
cf-ray
8f69f200cbe337cc-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
5367
server
cloudflare
x-amz-server-side-encryption
AES256
tp2
snowplow-collector.gympass.com/com.snowplowanalytics.snowplow/ Frame
0
0
Preflight
General
Full URL
https://snowplow-collector.gympass.com/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.210.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-210-180.compute-1.amazonaws.com
Software
akka-http/10.1.12 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.gympass.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://www.gympass.com
access-control-max-age
5
content-length
0
date
Mon, 23 Dec 2024 17:06:59 GMT
server
akka-http/10.1.12
162.15867a0ef67b928f.js
d4ap29roc7969.cloudfront.net/_next/static/chunks/
2 KB
2 KB
Script
General
Full URL
https://d4ap29roc7969.cloudfront.net/_next/static/chunks/162.15867a0ef67b928f.js
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/webpack-84839eff88a6eb21.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-104.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
629320e959da1d3b8590426746db0061d1744ef2b363172d01d5c4743205b86d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

content-encoding
gzip
etag
W/"add99f1d481b3ab13366938a1aed0ff4"
x-amz-version-id
R._aI6sHTX7zzFfvhk7gHPss2dti9JLw
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
J7fVCCteDZzuFaYhRD-n3Kt5OJhu_2tQpkhDSANXuugpxQp9vIAJ6A==
date
Mon, 23 Dec 2024 17:07:00 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Fri, 20 Dec 2024 19:11:06 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.browser-intake-datadoghq.com *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.browser-intake-datadoghq.com *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
via
1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
integrations
cdn.segment.com/v1/projects/cSncB9bL911gXhEGqMRxpXsExHGVDlMP/
1 KB
1 KB
Fetch
General
Full URL
https://cdn.segment.com/v1/projects/cSncB9bL911gXhEGqMRxpXsExHGVDlMP/integrations
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/_app-bbc92cafbec97a11.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ea9a562d3ea850a0622833495bfca10d8c6fdfea10df1f7e6ef5436c1c61f8be

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/

Response headers

access-control-max-age
3000
content-encoding
br
x-amz-version-id
ZrZBzJoqOLmzSW.VqoyKkuOLLST5qzpi
etag
W/"89645148c62a58e8474e245bd50328c0"
age
2470
access-control-allow-methods
GET, HEAD
x-cache
Hit from cloudfront
x-amz-cf-id
OzPpWt50Tf1IfZJ4D6Xx1WEjRGGM_tbbIUfxZUw9WAXqXmLV5Mo8ZA==
date
Mon, 23 Dec 2024 16:26:34 GMT
content-type
application/json; charset=utf-8
vary
accept-encoding
last-modified
Wed, 29 May 2024 11:51:44 GMT
x-amz-replication-status
COMPLETED
cache-control
public, max-age=10800
via
1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA6-C1
server
AmazonS3
x-amz-server-side-encryption
AES256
tp2
snowplow-collector.gympass.com/com.snowplowanalytics.snowplow/
2 B
330 B
XHR
General
Full URL
https://snowplow-collector.gympass.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/_app-bbc92cafbec97a11.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.210.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-210-180.compute-1.amazonaws.com
Software
akka-http/10.1.12 /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json; charset=UTF-8
Referer
https://www.gympass.com/

Response headers

access-control-allow-origin
https://www.gympass.com
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
content-length
2
date
Mon, 23 Dec 2024 17:07:00 GMT
content-type
text/plain; charset=UTF-8
server
akka-http/10.1.12
access-control-allow-credentials
true
frontend
unleash-edge-code.gympass.com/api/
12 KB
2 KB
Fetch
General
Full URL
https://unleash-edge-code.gympass.com/api/frontend?sessionId=e1ea6e1c-86cc-4b6c-a0a6-cbcee9b34a16&environment=default&appName=buzzlightyear
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/_app-bbc92cafbec97a11.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:2600:13:fba0:c680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
870c44b694a26048a99d07564bb026f855cad81751033a9348a8583e60700a9c

Request headers

Authorization
default:production.343c8bf6aab29c4d6bb507bbf8633a1ef40660f412a30f1e743bffc4
Referer
https://www.gympass.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json

Response headers

content-encoding
br
etag
W/"2f49-03v_CUkbKv5hF4SVMyJD8A=="
via
1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amz-cf-id
D00DlGlYSTZTTPmTz3mqdWIQDTrY852zB_WuKV8hzYAA2B7ELgpD2g==
date
Mon, 23 Dec 2024 17:07:00 GMT
content-type
application/json
vary
accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-amz-cf-pop
FRA56-P6
frontend
unleash-edge-code.gympass.com/api/ Frame
0
0
Preflight
General
Full URL
https://unleash-edge-code.gympass.com/api/frontend?sessionId=e1ea6e1c-86cc-4b6c-a0a6-cbcee9b34a16&environment=default&appName=buzzlightyear
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:2600:13:fba0:c680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://www.gympass.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
authorization
access-control-allow-methods
DELETE, HEAD, GET, OPTIONS, PATCH, POST, PUT, CONNECT, TRACE
access-control-allow-origin
*
content-length
0
date
Mon, 23 Dec 2024 17:06:59 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
x-amz-cf-id
YOmXvjliRe9GA1Wn_jtEP1neKDsKRNPljoLRGXkHAC3_ScCqOJ1MiA==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
anchor
www.google.com/recaptcha/enterprise/ Frame 1907
0
0
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcbYHgeAAAAAKHcltm77zJ0Gi6K-4Cjbtzg0cpy&co=aHR0cHM6Ly93d3cuZ3ltcGFzcy5jb206NDQz&hl=de&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&cb=ax1iya7wtyeu
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-je0bUPmFxmiOKQUPn8x3nA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gympass.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-je0bUPmFxmiOKQUPn8x3nA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 23 Dec 2024 17:06:59 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
frontend
unleash-edge-code.gympass.com/api/ Frame
0
0

frontend
unleash-edge-code.gympass.com/api/
0
0

frontend
unleash-edge-code.gympass.com/api/
12 KB
2 KB
Fetch
General
Full URL
https://unleash-edge-code.gympass.com/api/frontend?environment=default&appName=buzzlightyear&sessionId=e1ea6e1c-86cc-4b6c-a0a6-cbcee9b34a16
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/_app-bbc92cafbec97a11.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:2600:13:fba0:c680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c2d7079ad20b97871d9880e59486debb473db27da362da434c4078e0c13d960e

Request headers

Authorization
default:production.343c8bf6aab29c4d6bb507bbf8633a1ef40660f412a30f1e743bffc4
Referer
https://www.gympass.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json

Response headers

content-encoding
br
etag
W/"2f49-QUPPkEqkZSmeKUv-SFCg6Q=="
via
1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amz-cf-id
5r_Wg074xvCNPl8YiHMnWHOxcIHHFkC8QsXKSC0AJPAqqC-t4iyDZw==
date
Mon, 23 Dec 2024 17:07:00 GMT
content-type
application/json
vary
accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-amz-cf-pop
FRA56-P6
frontend
unleash-edge-code.gympass.com/api/ Frame
0
0
Preflight
General
Full URL
https://unleash-edge-code.gympass.com/api/frontend?environment=default&appName=buzzlightyear&sessionId=e1ea6e1c-86cc-4b6c-a0a6-cbcee9b34a16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:2600:13:fba0:c680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://www.gympass.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
authorization
access-control-allow-methods
DELETE, HEAD, GET, OPTIONS, PATCH, POST, PUT, CONNECT, TRACE
access-control-allow-origin
*
content-length
0
date
Mon, 23 Dec 2024 17:07:00 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
x-amz-cf-id
UJLoIigeVH3fYuIlKSmlO1wFSBEG7RiHoCoH23y9UIvWn-HZYpg-UQ==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
frontend
unleash-edge-code.gympass.com/api/ Frame
0
0
Preflight
General
Full URL
https://unleash-edge-code.gympass.com/api/frontend?environment=default&appName=buzzlightyear&sessionId=e1ea6e1c-86cc-4b6c-a0a6-cbcee9b34a16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:2600:13:fba0:c680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://www.gympass.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
authorization
access-control-allow-methods
DELETE, HEAD, GET, OPTIONS, PATCH, POST, PUT, CONNECT, TRACE
access-control-allow-origin
*
content-length
0
date
Mon, 23 Dec 2024 17:07:00 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
x-amz-cf-id
RG-qBN0mLfQdRelQWWg5Y1N08WxXcvPeULQ66_pA-7ocLc9BIj_e6A==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
frontend
unleash-edge-code.gympass.com/api/
12 KB
2 KB
Fetch
General
Full URL
https://unleash-edge-code.gympass.com/api/frontend?environment=default&appName=buzzlightyear&sessionId=e1ea6e1c-86cc-4b6c-a0a6-cbcee9b34a16
Requested by
Host: d4ap29roc7969.cloudfront.net
URL: https://d4ap29roc7969.cloudfront.net/_next/static/chunks/pages/_app-bbc92cafbec97a11.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:2600:13:fba0:c680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8983c37b509f9caadc88ed9aa6ee02275f35ae83e3f5380b18ecb971c1a2f402

Request headers

Authorization
default:production.343c8bf6aab29c4d6bb507bbf8633a1ef40660f412a30f1e743bffc4
Referer
https://www.gympass.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json

Response headers

content-encoding
br
etag
W/"2f49--Dz3grgdx_Xo0Ixc6PMufQ=="
via
1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amz-cf-id
j--6Pd-X6F6mKSNqXnOSKd5y3DdBwnFwQpbMxkN_-LC6Vw3o6e0gmg==
date
Mon, 23 Dec 2024 17:07:00 GMT
content-type
application/json
vary
accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-amz-cf-pop
FRA56-P6
favicon.ico
www.gympass.com/sign-up/images/favicon/
15 KB
6 KB
Other
General
Full URL
https://www.gympass.com/sign-up/images/favicon/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:9800:18:69db:c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
5fe6abce610c40b257a46bf21808fee48e4adaa52e9c1276f0bc88996d00299d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento

Response headers

x-amz-cf-pop
FRA56-P7
cache-control
public, max-age=0
content-encoding
gzip
etag
W/"3c2e-193e4c29e20"
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
WD5KoTDVu858l1QwrEbAxPGyp1eMA82VvzG-s69P9cwodua1t6-e6g==
date
Mon, 23 Dec 2024 17:07:01 GMT
content-type
image/x-icon
vary
Accept-Encoding
last-modified
Fri, 20 Dec 2024 15:49:40 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
unleash-edge-code.gympass.com
URL
https://unleash-edge-code.gympass.com/api/frontend?environment=default&appName=buzzlightyear&sessionId=e1ea6e1c-86cc-4b6c-a0a6-cbcee9b34a16
Domain
unleash-edge-code.gympass.com
URL
https://unleash-edge-code.gympass.com/api/frontend?environment=default&appName=buzzlightyear&sessionId=e1ea6e1c-86cc-4b6c-a0a6-cbcee9b34a16

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| analytics object| usedChunks object| webpackChunkbuzzlightyear object| _N_E object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| __next_set_public_path__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| __BUILD_MANIFEST object| __SSG_MANIFEST object| __SENTRY__ object| SENTRY_RELEASE string| __rewriteFramesAssetPrefixPath__ object| __REACT_INTL_CONTEXT__ function| parcelRequirea93d function| _ function| __NEXT_PRELOADREADY object| __MIDDLEWARE_MATCHERS object| __APOLLO_CLIENT__ object| closure_lm_415232

7 Cookies

Domain/Path Name / Value
www.gympass.com/ Name: unleash-session-id
Value: e1ea6e1c-86cc-4b6c-a0a6-cbcee9b34a16
www.gympass.com/ Name: optimizely-user-id
Value: b95eaec5-021d-4bbd-b0f7-76d61759109c
www.gympass.com/ Name: viewer_id
Value: 5AVYYwlXElvp8mRaFYFvJ-Syv-eNFILfhxLTNmw0Nmk
.gympass.com/ Name: _sp_ses.d9bd
Value: *
.gympass.com/ Name: _sp_id.d9bd
Value: ee12e3d4-2a31-43e7-9710-23f72d3198d3.1734973619.1.1734973619..848bba77-89fc-4b1d-8366-03774a19bdcc..f04800fa-b5e5-475c-93d3-fcc6c6fe3ab4.1734973619063.1
.gympass.com/ Name: gp_consent_privacy
Value: {%22de-de%22:{%22marketing%22:false%2C%22analytics%22:false%2C%22functional%22:false%2C%22essential%22:true}}
.gympass.com/ Name: sp
Value: 6f4351ce-f4b4-4fc5-b8e6-fd54f0b71b49

1 Console Messages

Source Level URL
Text
rendering warning URL: https://www.gympass.com/sign-up/enter-account-email?client_id=a9a0aabb-63e9-4986-a97a-cab2f691cbe2&company_name=Caixa%20&country_name=BR&invitation_id=e410bf29-7201-4266-9c64-e250dec08337&eligibility_id=84d64df5-485f-4529-82d3-7e8644139a60&correlation_id=35d80cc2-d829-4379-b680-bdd22c6d31c0&flow=primary&eligibility_type=ASSOCIATE&source=EMAIL_INVITATION&eligible_full_name=Thiago%20Tadeu%20Argento
Message:
The key "autorotate:disabled" is not recognized and ignored.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.optimizely.com
cdn.segment.com
d4ap29roc7969.cloudfront.net
o4504963224764416.ingest.sentry.io
snowplow-collector.gympass.com
u3433257.ct.sendgrid.net
unleash-edge-code.gympass.com
www.google.com
www.gstatic.com
www.gympass.com
unleash-edge-code.gympass.com
107.20.210.180
13.32.121.104
142.250.186.68
167.89.118.23
2600:9000:2490:2600:13:fba0:c680:93a1
2600:9000:2491:9800:18:69db:c00:93a1
2606:4700::6812:4139
2a00:1450:4001:810::2003
34.120.195.249
99.86.8.175
052f026a69908139b7e7738d5f2e971957376491618aa7a1b26a41f4470ece4c
0de99da8023f7964819e45c102163a94145b1dc6a031fd0615f7fc6b4ffb853a
133d9c8b84004812fc39432570e054283d392cdd166bc2cae467270f5e82082a
1a9bcfd6a323750e9a6e457c00d75334cc7d4215a07c71a07e9ba653a2787b03
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
283bb566948cbce701064bb2ddcf64d2268cf8a354b112f8cc1375e6fc82c0b7
2dcaaf9981f22cb254df78ea54589a2e911975cafa522ef310f323d42aa5a796
311fcc7ef2c736a24140e2c347b112aaae34598c9d4e88cbd252aca1b747dfd7
3127f0b873387ee37e2040135a06e9e9c05030f509eb63689529becf28b50384
39954d4f99d2046907fefeb518f0ff3fe3ad0be00e83e8cd07530b9b5c5d6f34
40c30a2b8e010656d34565cd3bb3596e18a3ae9ab731856b4d859e20851f2c8d
412c068eab6f36e6807d630ff89127165e8e4d3e8653434cdfb56b60cdcc3a32
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
493b30160d2c2f0081493df4c4c36eb77b9d32b1572db23a23f6e0f662d824bf
5fe6abce610c40b257a46bf21808fee48e4adaa52e9c1276f0bc88996d00299d
629320e959da1d3b8590426746db0061d1744ef2b363172d01d5c4743205b86d
66cb178c790701accd65f29669ad3bc8fac39e5a2e86227201ce51e087bfff83
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
7b277b50f1b2c2eed2502aacb75e10aa8bd89fcbbe1469b6f33eba79e415e3c8
8522f36d68265ecf3f50f4ad40bf4fa68c569fc9902315550484848b5a246f8a
8694091227f6f34a6acb8dda867cab6f129cb19ee794a75ebd434793d4066e5a
870c44b694a26048a99d07564bb026f855cad81751033a9348a8583e60700a9c
8804709a3e0b133c904d2b138ac44c723c40be1582e86a1a6d6259693c1815f2
8983c37b509f9caadc88ed9aa6ee02275f35ae83e3f5380b18ecb971c1a2f402
89e817ce3c05fff0369ddec54bf10cdc84a5a518adaa38efef2607623cb9467a
94e6467a5ea548fec8bc4588c94850b63b788571411e79f829e1ebf74abd4399
9872896b36a87f149731a0b35d42e2566e0ea938bde3a854e01302cde3bcb78c
9a9ce5e0cdbe6690d12f1d3b1974af61e82bf9924e950a236842f40151539bc0
9e2e4f167f610e832997acd1a81aafc8e866aa642c7083a9db373538ac576419
a645f55492d1c8cdace43c72be8cbec08e680b5a86d8b4c2d1c50d6e41e9cc96
a9210682cf55d46f24ceca6985dfa341fa67e4e599ce0363b1c51469af89a869
ac4377c8074d6ea6c71bf36511f7fe4fb7b51e18e8bdf8b5ecc25ec87786ddd5
b24303c1ba1194c863a6e9641dc69b990380610e7ca5bf54db4844cf4fff0701
b693e1d5c7ac8af80482b3165a402be641c2a0bb7f3ecd5c1ac3a6d70cd467aa
bdd7113bc765429eedaaeb98daa5a64dae9101f33ddc1b825a3a5db94133f91d
be874ae40e7225d8db64a1dbee882626d645680940ce0623f9a6fe1e3bab98a5
c2d7079ad20b97871d9880e59486debb473db27da362da434c4078e0c13d960e
c857d7c9535ef7155cd650c99a1aab40a91087e5fda7fb8e172a6f965a5c4094
e4e81c747dac6a465beb9f5f9cc3e9e84457bd44282f674fb4c9ea3125d01a50
ea9a562d3ea850a0622833495bfca10d8c6fdfea10df1f7e6ef5436c1c61f8be
eb9b49f27cf4c8d24d52fd2043db6518c154ce97ec0ffbad586df52f888ad0cd
efb3577e26800de7be1d43d138ec02d68702cb40298b45060cab54da6de2591e