www.nationwide.co.uk Open in urlscan Pro
155.131.44.69 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bowser.org/
Effective URL:
http://www.nationwide.co.uk/
Submission: On September 19 via manual (September 19th 2017, 9:09:05 am UTC) from IE

Summary HTTP 28 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 4 domains to perform 28 HTTP transactions. The main IP is 155.131.44.69, located in Swindon, United Kingdom and belongs to , GB. The main domain is www.nationwide.co.uk.

This is the only time www.nationwide.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	143.95.79.238 143.95.79.238	36024 (COLO4-CO) (COLO4-CO - Colo4)
1 20	155.131.44.69 155.131.44.69	13114 () ()
1	23.8.10.180 23.8.10.180	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	155.131.32.21 155.131.32.21	13114 () ()
3	66.117.29.6 66.117.29.6	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1 2	66.235.148.65 66.235.148.65	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1 3	23.35.106.97 23.35.106.97	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
28	7

1 143.95.79.238 (Los Angeles, United States) 1 redirects

ASN36024 (COLO4-CO - Colo4, LLC, US)
PTR: ip-143-95-79-238.iplocal

bowser.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 155.131.44.69 (Swindon, United Kingdom) 1 redirects

ASN13114 (, GB)
PTR: dusa2400.www.nationwide.co.uk

nationwide.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nationwide.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.8.10.180 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-8-10-180.deploy.static.akamaitechnologies.com

cdn.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 155.131.32.21 (Swindon, United Kingdom)

ASN13114 (, GB)
PTR: du11.onlinebanking.nationwide.co.uk

onlinebanking.nationwide.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 66.117.29.6 (Lehi, United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)

nationwidebuildingso.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.235.148.65 (Lehi, United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.d2.sc.omtrdc.net

metrics.nationwide.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.106.97 (Amsterdam, Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-35-106-97.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	nationwide.co.uk 2 redirects nationwide.co.uk www.nationwide.co.uk onlinebanking.nationwide.co.uk metrics.nationwide.co.uk	567 KB
4	omtrdc.net cdn.tt.omtrdc.net nationwidebuildingso.tt.omtrdc.net	14 KB
3	mathtag.com 1 redirects pixel.mathtag.com	3 KB
1	bowser.org 1 redirects bowser.org	240 B
28	4

	Domain	Requested by
19	www.nationwide.co.uk	www.nationwide.co.uk
3	pixel.mathtag.com	1 redirects pixel.mathtag.com
3	nationwidebuildingso.tt.omtrdc.net	www.nationwide.co.uk
2	metrics.nationwide.co.uk	1 redirects www.nationwide.co.uk
1	onlinebanking.nationwide.co.uk	www.nationwide.co.uk
1	cdn.tt.omtrdc.net	www.nationwide.co.uk
1	nationwide.co.uk	1 redirects
1	bowser.org	1 redirects
28	8

This site contains links to these domains. Also see Links.

Domain
onlinebanking.nationwide.co.uk
nationwide.onlineips.co.uk
nationwide.landg.com
nationwide.mypfp.co.uk
www.nationwidecommercial.co.uk
nationwidecommercial.co.uk
www.nationwide-jobs.co.uk
www.the-fca.org.uk
twitter.com
www.facebook.com
www.youtube.com
www.linkedin.com
www.nunwood.com

Subject Issuer	Validity	Valid
onlinebanking.nationwide.co.uk Symantec Class 3 EV SSL CA - G3	`2015-10-14` - `2017-10-14`	2 years	crt.sh
pixel.mathtag.com Symantec Class 3 Secure Server CA - G4	`2017-02-06` - `2018-02-06`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://www.nationwide.co.uk/
Frame ID: 5342.1
Requests: 31 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=f51b59c1-dea7-4d00-85a9-d70f0e4d3deb&no_iframe=1&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mt_exid=10068
Frame ID: 5342.2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://bowser.org/ HTTP 302
http://nationwide.co.uk/ HTTP 301
http://www.nationwide.co.uk/ Page URL

Page Statistics

28
Requests

11 %
HTTPS

0 %
IPv6

4
Domains

8
Subdomains

7
IPs

3
Countries

581 kB
Transfer

1171 kB
Size

13
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://onlinebanking.nationwide.co.uk/AccessManagement/Login
Title: Login to Internet Banking

Search URL Search Domain Scan URL

URL: https://onlinebanking.nationwide.co.uk/Registration/CustomerSelfRegistration/SelectAccountType
Title: Register for Internet Banking

Search URL Search Domain Scan URL

URL: https://nationwide.onlineips.co.uk/Logon/Logon.aspx
Title: Investor Portfolio Service (IPS)

Search URL Search Domain Scan URL

URL: https://nationwide.landg.com/portalserver/my-l-and-g-syndicated/index
Title: Legal and General MyAccount

Search URL Search Domain Scan URL

URL: https://nationwide.mypfp.co.uk/
Title: Personal Finance Portal

Search URL Search Domain Scan URL

URL: http://www.nationwidecommercial.co.uk/savings
Title: Business savings

Search URL Search Domain Scan URL

URL: https://nationwide.mypfp.co.uk/logon
Title: PFP log on

Search URL Search Domain Scan URL

URL: http://www.nationwidecommercial.co.uk/
Title: Business customers

Search URL Search Domain Scan URL

URL: http://nationwidecommercial.co.uk/savings
Title: Visit Nationwide for Businesses (This link will open in a new window)

Search URL Search Domain Scan URL

URL: http://www.nationwide-jobs.co.uk/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.the-fca.org.uk/
Title: FCA's website (This link will open in a new window) (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://twitter.com/AskNationwide
Title: Twitter (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://www.facebook.com/NationwideBuildingSociety
Title: Facebook (This link will open in a new window)

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/nationwidebsocietyuk
Title: Youtube (This link will open in a new window)

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/nationwide-building-society
Title: LinkedIn (This link will open in a new window)

Search URL Search Domain Scan URL

URL: http://www.nunwood.com/sitemap/our-privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.nunwood.com/
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bowser.org/ HTTP 302
http://nationwide.co.uk/ HTTP 301
http://www.nationwide.co.uk/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.2.0/s75462484626898?AQB=1&ndh=1&pf=1&t=19%2F8%2F2017%209%3A8%3A54%202%200&fid=199FCF4C48230648-305D4338F2043DA5&ce=UTF-8&ns=nationwide&cdp=3&pageName=bw%3Ahomepage&g=http%3A%2F%2Fwww.nationwide.co.uk%2F&c.&page.&nbs_cms_page_version=243&.page&nbs_version_sc=a%3A2.2.0_v%3Ana_m%3A63_d%3Ana_20170720_004&.c&cc=GBP&ch=Brochureware&events=event26&products=Internal%20ads%3BIntcmp_3583%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3628%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3390%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3537%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1&c71=D%3Ds_vi&c73=largeDesktop%20site%7Clandscape&c74=bw%3Ahomepage&v74=D%3Dc74&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.2.0/s75462484626898?AQB=1&pccr=true&vidn=2CE06F5385311A1B-40000128A0010AD9&&ndh=1&pf=1&t=19%2F8%2F2017%209%3A8%3A54%202%200&fid=199FCF4C48230648-305D4338F2043DA5&ce=UTF-8&ns=nationwide&cdp=3&pageName=bw%3Ahomepage&g=http%3A%2F%2Fwww.nationwide.co.uk%2F&c.&page.&nbs_cms_page_version=243&.page&nbs_version_sc=a%3A2.2.0_v%3Ana_m%3A63_d%3Ana_20170720_004&.c&cc=GBP&ch=Brochureware&events=event26&products=Internal%20ads%3BIntcmp_3583%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3628%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3390%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3537%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1&c71=D%3Ds_vi&c73=largeDesktop%20site%7Clandscape&c74=bw%3Ahomepage&v74=D%3Dc74&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Request Chain 28

https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1 HTTP 302
https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mm_bnc&mm_bct

28 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.nationwide.co.uk/
Redirect Chain

http://bowser.org/
http://nationwide.co.uk/
http://www.nationwide.co.uk/

348 KB
90 KB

233ms
161ms

Document
text/html

155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

08bbc1482f02133e9dd14192a267fedde84cab8fe9d2b4e368b554ecb9319652

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
x-frame-options: SAMEORIGIN
Date: Tue, 19 Sep 2017 09:08:54 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store,max-age=300
Transfer-Encoding: chunked
x-xss-protection: 1; mode=block
Expires: -1

Redirect headers

Location: http://www.nationwide.co.uk/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

GET
H/1.1 200
OK meganavflyout.hotfix.css
www.nationwide.co.uk/~/media/MainSite/css/ 105 B
211 B 50ms
49ms Stylesheet
text/css 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/~/media/MainSite/css/meganavflyout.hotfix.css

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

429799489f780dafff620c295b42cead691065094774a492e1ed70a4a1155e05

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 05 May 2017 12:11:06 GMT
Date: Tue, 19 Sep 2017 09:08:54 GMT
x-frame-options: SAMEORIGIN
Content-Type: text/css
Cache-Control: private, max-age=604800,max-age=300
Content-Disposition: attachment; filename="meganavflyout.hotfix.css"
Accept-Ranges: bytes
Content-Length: 211
x-xss-protection: 1; mode=block
Expires: Tue, 26 Sep 2017 09:08:54 GMT

GET
H/1.1 200
OK herocarousel.css
www.nationwide.co.uk/~/css/assets/main-site/generated/css/ 4 KB
741 B 87ms
51ms Stylesheet
text/css 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/~/css/assets/main-site/generated/css/herocarousel.css?id=D3FC4121EB894C69BDE7F7CF4F0AF669

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

7a36c109d4f4e743d395af93f7a9225ccadcea2eef1e7205535dc2a877cfdea3

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
x-frame-options: SAMEORIGIN
Date: Tue, 19 Sep 2017 09:08:54 GMT
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Cache-Control: private,max-age=300
Content-Length: 741
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK logo2xtrans.png
www.nationwide.co.uk/~/media/System/ 2 KB
2 KB 53ms
53ms Image
image/png 155.131.44.69

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.nationwide.co.uk/~/media/System/logo2xtrans.png?h=83&w=320

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

6bf007f26e6ef3afceb0f3d750714b9f63c34f50960b9fd6d1f92539e9c83724

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Thu, 18 Aug 2016 09:09:42 GMT
Date: Tue, 19 Sep 2017 09:08:54 GMT
x-frame-options: SAMEORIGIN
Content-Type: image/png
Cache-Control: private, max-age=604800,max-age=300
Content-Disposition: inline; filename="logo2xtrans.png"
Accept-Ranges: bytes
Content-Length: 2294
x-xss-protection: 1; mode=block
Expires: Tue, 26 Sep 2017 09:08:54 GMT

GET
H/1.1 200
OK target.js Show response
cdn.tt.omtrdc.net/cdn/ 43 KB
14 KB 11ms
6ms Script
text/javascript 23.8.10.180
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.tt.omtrdc.net/cdn/target.js
Requested by: Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/
Protocol: HTTP/1.1
Server: 23.8.10.180 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-8-10-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 583a108c7259c75dd0404b9393bf559211fe8f45c126475bd38c3e46d0ba57e3

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Tue, 19 Sep 2017 09:08:54 GMT
Content-Encoding: gzip
Last-Modified: Wed, 23 Aug 2017 03:32:57 GMT
Server: Apache
ETag: "5f49e-aa3e-557635e3bab13"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: must-revalidate, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14200

GET
H/1.1 200
OK Switch_Guarantee_Logo_Pos_170.png
www.nationwide.co.uk/~/media/MainSite/images/home-exit/2016/Logos/ 5 KB
5 KB 59ms
58ms Image
image/png 155.131.44.69

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.nationwide.co.uk/~/media/MainSite/images/home-exit/2016/Logos/Switch_Guarantee_Logo_Pos_170.png?h=70&la=en&w=115

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

917b3978bfa266a14a7f26f3e35e0e809a18f737e65e9ce7c33d5c9dff578e18

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Tue, 13 Sep 2016 12:54:17 GMT
Date: Tue, 19 Sep 2017 09:08:54 GMT
x-frame-options: SAMEORIGIN
Content-Type: image/png
Cache-Control: private, max-age=604800,max-age=300
Content-Disposition: inline; filename="Switch_Guarantee_Logo_Pos_170.png"
Accept-Ranges: bytes
Content-Length: 5228
x-xss-protection: 1; mode=block
Expires: Tue, 26 Sep 2017 09:08:54 GMT

GET
H/1.1 200
OK brand-hub-banking-app-4-360x170.jpg
www.nationwide.co.uk/~/media/MainSite/images/home-exit/2017/01/mobile-app-linkup/ 12 KB
12 KB 93ms
56ms Image
image/jpeg 155.131.44.69

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.nationwide.co.uk/~/media/MainSite/images/home-exit/2017/01/mobile-app-linkup/brand-hub-banking-app-4-360x170.jpg?h=170&la=en&w=360

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

334c57024c802a2613e666895800b0f8173848457fa9c41aafcab6f52bf4f407

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Tue, 07 Mar 2017 11:14:03 GMT
Date: Tue, 19 Sep 2017 09:08:54 GMT
x-frame-options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: private, max-age=604800,max-age=300
Content-Disposition: inline; filename="brand-hub-banking-app-4-360x170.jpg"
Accept-Ranges: bytes
Content-Length: 12260
x-xss-protection: 1; mode=block
Expires: Tue, 26 Sep 2017 09:08:54 GMT

GET
H/1.1 200
OK brand-hub-business-savings-account-pig-360x170.jpg
www.nationwide.co.uk/~/media/MainSite/images/home-exit/2016/09/business-savings/ 9 KB
9 KB 92ms
56ms Image
image/jpeg 155.131.44.69

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.nationwide.co.uk/~/media/MainSite/images/home-exit/2016/09/business-savings/brand-hub-business-savings-account-pig-360x170.jpg?h=170&la=en&w=360

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

d62577f0ce7796e27f568ee125a7ba24f8115d818b980b612305c8ef1545e889

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Fri, 30 Sep 2016 10:21:58 GMT
Date: Tue, 19 Sep 2017 09:08:54 GMT
x-frame-options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: private, max-age=604800,max-age=300
Content-Disposition: inline; filename="brand-hub-business-savings-account-pig-360x170.jpg"
Accept-Ranges: bytes
Content-Length: 9706
x-xss-protection: 1; mode=block
Expires: Tue, 26 Sep 2017 09:08:54 GMT

GET
H/1.1 200
OK brand-hub-mortgage-calculator-360x170.jpg
www.nationwide.co.uk/~/media/MainSite/images/home-exit/2016/10/tablet-on-table/ 7 KB
7 KB 99ms
52ms Image
image/jpeg 155.131.44.69

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.nationwide.co.uk/~/media/MainSite/images/home-exit/2016/10/tablet-on-table/brand-hub-mortgage-calculator-360x170.jpg?h=170&la=en&w=360

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

a969fbbbb85cd3169f07fea6ace801513eed163b98db5ce97bfabfed0a4cbfcf

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Wed, 02 Nov 2016 10:31:47 GMT
Date: Tue, 19 Sep 2017 09:08:54 GMT
x-frame-options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: private, max-age=604800,max-age=300
Content-Disposition: inline; filename="brand-hub-mortgage-calculator-360x170.jpg"
Accept-Ranges: bytes
Content-Length: 7667
x-xss-protection: 1; mode=block
Expires: Tue, 26 Sep 2017 09:08:54 GMT

GET
H/1.1 200
OK nbs-homepage.min.js Show response
www.nationwide.co.uk/assets/main-site/script/bundle/ 181 KB
58 KB 44ms
44ms Script
application/x-javascript 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-homepage.min.js?v=20160812

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

00e71de1b5b9a2b4575d34b51ba5e629e3b96df3ac06eed6404823bf4d8f6fd0

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 04 Sep 2017 16:07:44 GMT
ETag: "08826f19725d31:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: max-age=300
Date: Tue, 19 Sep 2017 09:08:54 GMT
Accept-Ranges: bytes
Content-Length: 59323
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK NBS-logo-nunwood.png
www.nationwide.co.uk/~/media/System/ 8 KB
8 KB 52ms
52ms Image
image/png 155.131.44.69

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.nationwide.co.uk/~/media/System/NBS-logo-nunwood.png

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

168ec041aac4b24b99249292996c35a272b929d6834ef438c3502d7b8624a828

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Tue, 04 Jul 2017 09:15:43 GMT
Date: Tue, 19 Sep 2017 09:08:54 GMT
x-frame-options: SAMEORIGIN
Content-Type: image/png
Cache-Control: private, max-age=604800,max-age=300
Content-Disposition: inline; filename="NBS-logo-nunwood.png"
Accept-Ranges: bytes
Content-Length: 8078
x-xss-protection: 1; mode=block
Expires: Tue, 26 Sep 2017 09:08:54 GMT

GET
H/1.1 200
OK /
onlinebanking.nationwide.co.uk/ 11 KB
4 KB 208ms
49ms Other
text/html 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL: https://onlinebanking.nationwide.co.uk/
Requested by: Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 155.131.32.21 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS: du11.onlinebanking.nationwide.co.uk
Software: /
Resource Hash: bb960ace2b4ebda475150de99e127825489cf922e73f18dc27984629d25439fc

Request headers

Purpose: prefetch
Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 19 Sep 2017 09:08:54 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate
r: 39.0.39005.1
Expires: -1

GET
H/1.1 200
OK standard Show response
nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/ 184 B
184 B 58ms
18ms Script
text/javascript 66.117.29.6
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL: http://nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/standard?mboxHost=www.nationwide.co.uk&mboxPage=1f7fcf365ce6490dad36d0a03a66a9b9&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=0&colorDepth=24&mboxSession=1f7fcf365ce6490dad36d0a03a66a9b9&mboxXDomain=enabled&mboxCount=1&mboxTime=1505812134723&page_name=bw%3Ahomepage&mbox=bw%3Aglobal%20mbox&mboxId=0&mboxURL=http%3A%2F%2Fwww.nationwide.co.uk%2F&mboxReferrer=&mboxVersion=63
Requested by: Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/
Protocol: HTTP/1.1
Server: 66.117.29.6 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: Test & Target /
Resource Hash: 61671e94946a995dc7e1615d03e5583cece8038b30c611da2455f161891415a7

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Tue, 19 Sep 2017 09:08:53 GMT
Cache-Control: no-cache
Server: Test & Target
Content-Type: text/javascript;charset=utf-8
Content-Length: 184
P3P: CP="NOI DSP CURa OUR STP COM", CP="NOI DSP CURa OUR STP COM"

GET
H/1.1 200
OK page-body.png
www.nationwide.co.uk/assets/main-site/images/background/ 2 KB
2 KB 69ms
41ms Image
image/png 155.131.44.69

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.nationwide.co.uk/assets/main-site/images/background/page-body.png

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

17561150e865649a9aeeee94cb0f7a17d5e77147d3f2edefbee566f95128ddb3

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 04 Sep 2017 16:07:46 GMT
ETag: "0b557f29725d31:0"
x-frame-options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=300
Date: Tue, 19 Sep 2017 09:08:54 GMT
Accept-Ranges: bytes
Content-Length: 2100
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK nbs-medium-webfont.woff
www.nationwide.co.uk/assets/main-site/fonts/ 33 KB
33 KB 42ms
39ms Font
application/x-font-woff 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/assets/main-site/fonts/nbs-medium-webfont.woff

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

154f369084c28c7ceaf71531663e84382b0f3ac78fffa7f91c4543499b8ee41b

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: http://www.nationwide.co.uk/
Origin: http://www.nationwide.co.uk

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 04 Sep 2017 16:07:50 GMT
ETag: "0fbaf49725d31:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-font-woff
Cache-Control: max-age=300
Date: Tue, 19 Sep 2017 09:08:54 GMT
Accept-Ranges: bytes
Content-Length: 34084
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK standard Show response
nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/ 95 B
95 B 19ms
18ms Script
text/javascript 66.117.29.6
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL: http://nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/standard?mboxHost=www.nationwide.co.uk&mboxPage=1f7fcf365ce6490dad36d0a03a66a9b9&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=0&colorDepth=24&mboxSession=1f7fcf365ce6490dad36d0a03a66a9b9&mboxXDomain=enabled&mboxCount=2&mboxTime=1505812134785&page_name=bw%3Ahomepage&sub_section_0=bw%3Ahomepage&mboxPC=1f7fcf365ce6490dad36d0a03a66a9b9.26_25&mbox=nw-global-mbox&mboxId=0&mboxURL=http%3A%2F%2Fwww.nationwide.co.uk%2F&mboxReferrer=&mboxVersion=63
Requested by: Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/
Protocol: HTTP/1.1
Server: 66.117.29.6 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: Test & Target /
Resource Hash: ebd4ffe29755de1cd14eec4a1e351bb3512e3f4d00d8193e59491c4fb81fe759

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Tue, 19 Sep 2017 09:08:53 GMT
Cache-Control: no-cache
Server: Test & Target
Content-Length: 95
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK standard Show response
nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/ 125 B
125 B 18ms
17ms Script
text/javascript 66.117.29.6
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL: http://nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/standard?mboxHost=www.nationwide.co.uk&mboxPage=1f7fcf365ce6490dad36d0a03a66a9b9&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=0&colorDepth=24&mboxSession=1f7fcf365ce6490dad36d0a03a66a9b9&mboxXDomain=enabled&mboxCount=3&mboxTime=1505812134805&mboxPC=1f7fcf365ce6490dad36d0a03a66a9b9.26_25&mbox=bw%3Ahomepage&mboxId=0&mboxURL=http%3A%2F%2Fwww.nationwide.co.uk%2F&mboxReferrer=&mboxVersion=63
Requested by: Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/
Protocol: HTTP/1.1
Server: 66.117.29.6 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: Test & Target /
Resource Hash: b8a6be2ba40f95cbe801621b27df489ad139c904088fe6558423f788e04ed20f

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Tue, 19 Sep 2017 09:08:53 GMT
Cache-Control: no-cache
Server: Test & Target
Content-Type: text/javascript;charset=utf-8
Content-Length: 125
P3P: CP="NOI DSP CURa OUR STP COM"

GET
H/1.1 200
OK NBS-Icons.woff
www.nationwide.co.uk/assets/main-site/fonts/ 140 KB
140 KB 40ms
40ms Font
application/x-font-woff 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/assets/main-site/fonts/NBS-Icons.woff

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

bff89835a1046925782d4aaebbfb550220f5d7e051e64bee859bb560cbfc9ac4

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: http://www.nationwide.co.uk/
Origin: http://www.nationwide.co.uk

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 04 Sep 2017 16:07:50 GMT
ETag: "0fbaf49725d31:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-font-woff
Cache-Control: max-age=300
Date: Tue, 19 Sep 2017 09:08:54 GMT
Accept-Ranges: bytes
Content-Length: 143208
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 83 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c3b918df3d0dc8ce11328cd21f8d9defc5858231b70bb11cd896f2f0bf5ae46

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/gif;charset=UTF-8

GET
H/1.1 200
OK nbs-icons-lite.woff
www.nationwide.co.uk/assets/main-site/fonts/ 8 KB
8 KB 40ms
40ms Font
application/x-font-woff 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/assets/main-site/fonts/nbs-icons-lite.woff

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

6c966bf9fbd36a14c1eb2e9f5abac1be3d43574dd0bfa0ffbef92dc8d68233f1

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: http://www.nationwide.co.uk/
Origin: http://www.nationwide.co.uk

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 04 Sep 2017 16:07:52 GMT
ETag: "03cebf59725d31:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-font-woff
Cache-Control: max-age=300
Date: Tue, 19 Sep 2017 09:08:54 GMT
Accept-Ranges: bytes
Content-Length: 7892
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK nbs-bold-webfont.woff
www.nationwide.co.uk/assets/main-site/fonts/ 32 KB
32 KB 41ms
40ms Font
application/x-font-woff 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/assets/main-site/fonts/nbs-bold-webfont.woff

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

5cfc1d72a6c4c817544222468ad1a2f27ed404481f529f223c05c1c52bb3ba2c

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: http://www.nationwide.co.uk/
Origin: http://www.nationwide.co.uk

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 04 Sep 2017 16:07:50 GMT
ETag: "0fbaf49725d31:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-font-woff
Cache-Control: max-age=300
Date: Tue, 19 Sep 2017 09:08:54 GMT
Accept-Ranges: bytes
Content-Length: 33208
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK brand-hub-heather-poet-1200.jpg
www.nationwide.co.uk/~/media/MainSite/images/home-exit/2017/02/family-deposit-mortgage/ 81 KB
81 KB 89ms
53ms Image
image/jpeg 155.131.44.69

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.nationwide.co.uk/~/media/MainSite/images/home-exit/2017/02/family-deposit-mortgage/brand-hub-heather-poet-1200.jpg?h=690&w=1200

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

0abda2869fb11b03264e97a250314f461f849d34bab7df0e2ce08380c8023845

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/~/css/assets/main-site/generated/css/herocarousel.css?id=D3FC4121EB894C69BDE7F7CF4F0AF669
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Tue, 07 Mar 2017 11:14:26 GMT
Date: Tue, 19 Sep 2017 09:08:54 GMT
x-frame-options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: private, max-age=604800,max-age=300
Content-Disposition: inline; filename="brand-hub-heather-poet-1200.jpg"
Accept-Ranges: bytes
Content-Length: 83190
x-xss-protection: 1; mode=block
Expires: Tue, 26 Sep 2017 09:08:54 GMT

GET
H/1.1 200
OK nbs-mediumitalic-webfont.woff
www.nationwide.co.uk/assets/main-site/fonts/ 37 KB
37 KB 47ms
40ms Font
application/x-font-woff 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/assets/main-site/fonts/nbs-mediumitalic-webfont.woff

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

98f967059f5db23141c0710c86e1f7cb9939a88ac21af8ddf2bc723114b18b7f

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer: http://www.nationwide.co.uk/
Origin: http://www.nationwide.co.uk

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 04 Sep 2017 16:07:50 GMT
ETag: "0fbaf49725d31:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-font-woff
Cache-Control: max-age=300
Date: Tue, 19 Sep 2017 09:08:54 GMT
Accept-Ranges: bytes
Content-Length: 37676
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK essentials.min.css
www.nationwide.co.uk/assets/main-site/style/ 135 KB
28 KB 56ms
42ms Stylesheet
text/css 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/assets/main-site/style/essentials.min.css

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

b737de6ce41165c6c0cdb0fcafdcd2c7ae042384e9437bc3d62f7fe1dc58a1c6

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 04 Sep 2017 16:07:44 GMT
ETag: "08826f19725d31:0"
x-frame-options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=300
Date: Tue, 19 Sep 2017 09:08:54 GMT
Accept-Ranges: bytes
Content-Length: 28221
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 41 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 473d0879aa99abd9c77e3bc5abd608e1a755839a75d9e9600fd9b4f09c95b0cf

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
H/1.1

200
OK

s75462484626898
metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.2.0/
Redirect Chain

http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.2.0/s75462484626898?AQB=1&ndh=1&pf=1&t=19%2F8%2F2017%209%3A8%3A54%202%200&fid=199FCF4C48230648-305D4338F2043DA5&ce=UTF-8&ns=nationwide&cd...
http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.2.0/s75462484626898?AQB=1&pccr=true&vidn=2CE06F5385311A1B-40000128A0010AD9&&ndh=1&pf=1&t=19%2F8%2F2017%209%3A8%3A54%202%200&fid=199FCF4C4...

43 B
43 B

23ms
23ms

Image
image/gif

66.235.148.65
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.2.0/s75462484626898?AQB=1&pccr=true&vidn=2CE06F5385311A1B-40000128A0010AD9&&ndh=1&pf=1&t=19%2F8%2F2017%209%3A8%3A54%202%200&fid=199FCF4C48230648-305D4338F2043DA5&ce=UTF-8&ns=nationwide&cdp=3&pageName=bw%3Ahomepage&g=http%3A%2F%2Fwww.nationwide.co.uk%2F&c.&page.&nbs_cms_page_version=243&.page&nbs_version_sc=a%3A2.2.0_v%3Ana_m%3A63_d%3Ana_20170720_004&.c&cc=GBP&ch=Brochureware&events=event26&products=Internal%20ads%3BIntcmp_3583%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3628%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3390%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3537%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1&c71=D%3Ds_vi&c73=largeDesktop%20site%7Clandscape&c74=bw%3Ahomepage&v74=D%3Dc74&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by: Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/
Protocol: HTTP/1.1
Server: 66.235.148.65 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS: *.d2.sc.omtrdc.net
Software: Omniture DC /
Resource Hash: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Tue, 19 Sep 2017 09:08:55 GMT
X-C: ms-5.5.0
P3P: CP="This is not a P3P policy"
Connection: Keep-Alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Wed, 20 Sep 2017 09:08:55 GMT
Server: Omniture DC
xserver: www294
ETag: "59C0DEA7-0FBB-647528C7"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Keep-Alive: timeout=15
Expires: Mon, 18 Sep 2017 09:08:55 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 19 Sep 2017 09:08:55 GMT
Last-Modified: Wed, 20 Sep 2017 09:08:55 GMT
Server: Omniture DC/2.0.0
Access-Control-Allow-Origin: *
xserver: www269
X-C: ms-5.5.0
P3P: CP="This is not a P3P policy"
Location: http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.2.0/s75462484626898?AQB=1&pccr=true&vidn=2CE06F5385311A1B-40000128A0010AD9&&ndh=1&pf=1&t=19%2F8%2F2017%209%3A8%3A54%202%200&fid=199FCF4C48230648-305D4338F2043DA5&ce=UTF-8&ns=nationwide&cdp=3&pageName=bw%3Ahomepage&g=http%3A%2F%2Fwww.nationwide.co.uk%2F&c.&page.&nbs_cms_page_version=243&.page&nbs_version_sc=a%3A2.2.0_v%3Ana_m%3A63_d%3Ana_20170720_004&.c&cc=GBP&ch=Brochureware&events=event26&products=Internal%20ads%3BIntcmp_3583%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3628%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3390%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_3537%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1&c71=D%3Ds_vi&c73=largeDesktop%20site%7Clandscape&c74=bw%3Ahomepage&v74=D%3Dc74&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Connection: Keep-Alive
Content-Type: text/plain
Keep-Alive: timeout=15
Content-Length: 0
Expires: Mon, 18 Sep 2017 09:08:55 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 698294585a9b44f5abd3073732325a0436f19bfa7b3ae2b89c88653803011c95

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/gif;charset=UTF-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 387cfaa1ebcfdd7d3495a7372cf6381ea76fcd37fc500663f9799e896d537d6c

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
H/1.1 200
OK nbs-lazy-load.min.js Show response
www.nationwide.co.uk/assets/main-site/script/bundle/ 24 KB
7 KB 46ms
45ms Script
application/x-javascript 155.131.44.69

General

Check archive.org

Show headers Download Go to

Full URL

http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-lazy-load.min.js?v=20170205

Requested by

Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-homepage.min.js?v=20160812

Protocol

HTTP/1.1

Server

155.131.44.69 Swindon, United Kingdom, ASN13114 (, GB),

Reverse DNS

dusa2400.www.nationwide.co.uk

Software

Resource Hash

2db795728153ee5eeda6545e701dd947779d6523f3f1fbbd5af4068afe2740f1

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com 'self'; connect-src *.bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 04 Sep 2017 16:07:44 GMT
ETag: "08826f19725d31:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: max-age=300
Date: Tue, 19 Sep 2017 09:08:54 GMT
Accept-Ranges: bytes
Content-Length: 7373
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

js Show response
pixel.mathtag.com/sync/
Redirect Chain

https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2...
https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2...

2 KB
2 KB

34ms
34ms

Script
text/javascript

23.35.106.97
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mm_bnc&mm_bct
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.106.97 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-35-106-97.deploy.static.akamaitechnologies.com
Software: MT3 1.15.14.4 5d3cdb7 master cdg-pixel-x12 /
Resource Hash: 79484be6d19990187fae037a5493d0731d79222d2e86c838d1368155560c800e

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Tue, 19 Sep 2017 09:08:56 GMT
Server: MT3 1.15.14.4 5d3cdb7 master cdg-pixel-x12
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 1790
Expires: Tue, 19 Sep 2017 09:08:55 GMT

Redirect headers

Date: Tue, 19 Sep 2017 09:08:56 GMT
Server: MT3 1.15.14.4 5d3cdb7 master cdg-pixel-x12
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mm_bnc&mm_bct
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 0
Expires: Tue, 19 Sep 2017 09:08:54 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ 43 B
43 B 1078ms
1078ms Image
image/gif 23.35.106.97
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.106.97 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-35-106-97.deploy.static.akamaitechnologies.com
Software: MT3 1.15.14.4 5d3cdb7 master cdg-pixel-x3 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Tue, 19 Sep 2017 09:08:57 GMT
Server: MT3 1.15.14.4 5d3cdb7 master cdg-pixel-x3
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 19 Sep 2017 09:08:55 GMT

GET iframe
pixel.mathtag.com/sync/ Frame 5342 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=f51b59c1-dea7-4d00-85a9-d70f0e4d3deb&no_iframe=1&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mt_exid=10068

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nationwide.co.uk/	1970-01-01 00:00:00	Name: s_ppv Value: bw%253Ahomepage%2C55%2C55%2C1200
.nationwide.co.uk/	1970-01-01 00:00:00	Name: s_cc Value: true
www.nationwide.co.uk/	1970-01-01 00:00:00	Name: ASP.NET_SessionId Value: rfwgsinltx2aun4kgp5tsegj
.nationwide.co.uk/	2017-12-18 09:08:55	Name: mbox Value: check#true#1505812195\|session#1f7fcf365ce6490dad36d0a03a66a9b9#1505813995\|PC#1f7fcf365ce6490dad36d0a03a66a9b9.26_25#1513588135
.www.nationwide.co.uk/	1970-01-01 00:00:00	Name: TS0172ed12 Value: 01462af7316e61cc39d2588a0c588bb6769d4aff47a2d355292f9d72438da07cc6bf82188e0f8c720ae213405a0470a53d96cf8c31
www.nationwide.co.uk/	2027-09-19 09:08:54	Name: SC_ANALYTICS_GLOBAL_COOKIE Value: 8e735c7975d141f4b43819ab3fcf06c2
www.nationwide.co.uk/	1970-01-01 00:00:00	Name: SC_ANALYTICS_SESSION_COOKIE Value: 3E7AED52DF6543CB87ED795499D70F40\|0\|rfwgsinltx2aun4kgp5tsegj
.nationwide.co.uk/	2019-09-19 09:08:55	Name: s_vi Value: [CS]v1\|2CE06F5385311A1B-40000128A0010AD9[CE]
.nationwide.co.uk/	2017-09-19 09:38:54	Name: gpv_p19 Value: bw%3Ahomepage
.nationwide.co.uk/	1970-01-01 00:00:00	Name: hero-carousel Value: Y
.www.nationwide.co.uk/	2017-09-19 09:28:54	Name: du Value: duSA
www.nationwide.co.uk/	1970-01-01 00:00:00	Name: TS018188d2 Value: 01462af73111aa891de95bf0ac4c16f7bcf8d8168f1186804feb94fce7eedf8166a9318d47ee223b17ef5163ebe38ee924c5f1fbc32af1c2872888542a3c679f3464b8aa56f7fefbcd945bf015febe3b6d668d52ff
.nationwide.co.uk/	2022-09-19 09:08:54	Name: s_fid Value: 199FCF4C48230648-305D4338F2043DA5

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src .bing.com 'self'; connect-src .bing.com http://cdn.decibelinsight.net http://track.contently.com dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com .virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com .bing.com https://assets.contently.com .doubleclick.net googleads.g.doubleclick.net https://www.youtube.com notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net ipv4.google.com .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bowser.org
cdn.tt.omtrdc.net
metrics.nationwide.co.uk
nationwide.co.uk
nationwidebuildingso.tt.omtrdc.net
onlinebanking.nationwide.co.uk
pixel.mathtag.com
www.nationwide.co.uk
pixel.mathtag.com
143.95.79.238
155.131.32.21
155.131.44.69
23.35.106.97
23.8.10.180
66.117.29.6
66.235.148.65
00e71de1b5b9a2b4575d34b51ba5e629e3b96df3ac06eed6404823bf4d8f6fd0
08bbc1482f02133e9dd14192a267fedde84cab8fe9d2b4e368b554ecb9319652
0abda2869fb11b03264e97a250314f461f849d34bab7df0e2ce08380c8023845
154f369084c28c7ceaf71531663e84382b0f3ac78fffa7f91c4543499b8ee41b
168ec041aac4b24b99249292996c35a272b929d6834ef438c3502d7b8624a828
17561150e865649a9aeeee94cb0f7a17d5e77147d3f2edefbee566f95128ddb3
2c3b918df3d0dc8ce11328cd21f8d9defc5858231b70bb11cd896f2f0bf5ae46
2db795728153ee5eeda6545e701dd947779d6523f3f1fbbd5af4068afe2740f1
334c57024c802a2613e666895800b0f8173848457fa9c41aafcab6f52bf4f407
387cfaa1ebcfdd7d3495a7372cf6381ea76fcd37fc500663f9799e896d537d6c
429799489f780dafff620c295b42cead691065094774a492e1ed70a4a1155e05
473d0879aa99abd9c77e3bc5abd608e1a755839a75d9e9600fd9b4f09c95b0cf
583a108c7259c75dd0404b9393bf559211fe8f45c126475bd38c3e46d0ba57e3
5cfc1d72a6c4c817544222468ad1a2f27ed404481f529f223c05c1c52bb3ba2c
61671e94946a995dc7e1615d03e5583cece8038b30c611da2455f161891415a7
698294585a9b44f5abd3073732325a0436f19bfa7b3ae2b89c88653803011c95
6bf007f26e6ef3afceb0f3d750714b9f63c34f50960b9fd6d1f92539e9c83724
6c966bf9fbd36a14c1eb2e9f5abac1be3d43574dd0bfa0ffbef92dc8d68233f1
79484be6d19990187fae037a5493d0731d79222d2e86c838d1368155560c800e
7a36c109d4f4e743d395af93f7a9225ccadcea2eef1e7205535dc2a877cfdea3
917b3978bfa266a14a7f26f3e35e0e809a18f737e65e9ce7c33d5c9dff578e18
98f967059f5db23141c0710c86e1f7cb9939a88ac21af8ddf2bc723114b18b7f
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a969fbbbb85cd3169f07fea6ace801513eed163b98db5ce97bfabfed0a4cbfcf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b737de6ce41165c6c0cdb0fcafdcd2c7ae042384e9437bc3d62f7fe1dc58a1c6
b8a6be2ba40f95cbe801621b27df489ad139c904088fe6558423f788e04ed20f
bb960ace2b4ebda475150de99e127825489cf922e73f18dc27984629d25439fc
bff89835a1046925782d4aaebbfb550220f5d7e051e64bee859bb560cbfc9ac4
d62577f0ce7796e27f568ee125a7ba24f8115d818b980b612305c8ef1545e889
ebd4ffe29755de1cd14eec4a1e351bb3512e3f4d00d8193e59491c4fb81fe759

www.nationwide.co.uk Open in urlscan Pro 155.131.44.69 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

28 Requests

11 %HTTPS

0 %IPv6

4 Domains

8 Subdomains

7 IPs

3 Countries

581 kBTransfer

1171 kBSize

13 Cookies

17 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.nationwide.co.uk Open in urlscan Pro
155.131.44.69 Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

11 %
HTTPS

0 %
IPv6

4
Domains

8
Subdomains

7
IPs

3
Countries

581 kB
Transfer

1171 kB
Size

13
Cookies

28 HTTP transactions
4 data transactions