proxy.qa.internal.sso.cambridge.org Open in urlscan Pro
108.138.7.112 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/
Effective URL:
https://proxy.qa.internal.sso.cambridge.org/login
Submission: On July 01 via automatic, source certstream-suspicious (July 1st 2023, 12:23:38 am UTC) — Scanned from DE

Summary HTTP 68 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 7 domains to perform 68 HTTP transactions. The main IP is 108.138.7.112, located in United States and belongs to AMAZON-02, US. The main domain is proxy.qa.internal.sso.cambridge.org.
TLS certificate: Issued by Amazon RSA 2048 M02 on May 28th 2023. Valid for: a year.

This is the only time proxy.qa.internal.sso.cambridge.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	13.225.78.17 13.225.78.17	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
2	13.42.157.192 13.42.157.192	16509 (AMAZON-02) (AMAZON-02)
1 4	13.32.121.36 13.32.121.36	16509 (AMAZON-02) (AMAZON-02)
16	108.138.7.112 108.138.7.112	16509 (AMAZON-02) (AMAZON-02)
5	18.209.204.66 18.209.204.66	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
17	184.30.16.250 184.30.16.250	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.176.172.170 35.176.172.170	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
68	12

9 13.225.78.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-17.fra2.r.cloudfront.net

qa-3.internal.submitforassessment.cambridgeassessment.org.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.42.157.192 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-42-157-192.eu-west-2.compute.amazonaws.com

unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.121.36 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-36.fra60.r.cloudfront.net

openid.qa.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
openid.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 108.138.7.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-112.fra56.r.cloudfront.net

proxy.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.209.204.66 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: lb-d.us1.gigya.com

accounts.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 184.30.16.250 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-250.deploy.static.akamaitechnologies.com

cdns.eu1.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.176.172.170 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-176-172-170.eu-west-2.compute.amazonaws.com

orgs.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	gigya.com accounts.gigya.com cdns.eu1.gigya.com — Cisco Umbrella Rank: 17282	798 KB
21	cambridge.org 1 redirects openid.qa.sso.cambridge.org proxy.qa.internal.sso.cambridge.org openid.qa.internal.sso.cambridge.org orgs.qa.internal.sso.cambridge.org	209 KB
11	cambridgeassessment.org.uk qa-3.internal.submitforassessment.cambridgeassessment.org.uk unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	1012 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	3 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	246 KB
3	gstatic.com fonts.gstatic.com	52 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1623	285 B
68	7

	Domain	Requested by
17	cdns.eu1.gigya.com	accounts.gigya.com cdns.eu1.gigya.com
16	proxy.qa.internal.sso.cambridge.org	qa-3.internal.submitforassessment.cambridgeassessment.org.uk proxy.qa.internal.sso.cambridge.org accounts.gigya.com
9	qa-3.internal.submitforassessment.cambridgeassessment.org.uk	qa-3.internal.submitforassessment.cambridgeassessment.org.uk
5	accounts.gigya.com	proxy.qa.internal.sso.cambridge.org accounts.gigya.com
5	fonts.googleapis.com	qa-3.internal.submitforassessment.cambridgeassessment.org.uk proxy.qa.internal.sso.cambridge.org client
4	www.googletagmanager.com	proxy.qa.internal.sso.cambridge.org www.googletagmanager.com
3	fonts.gstatic.com	fonts.googleapis.com
2	openid.qa.internal.sso.cambridge.org	accounts.gigya.com
2	region1.google-analytics.com	www.googletagmanager.com
2	openid.qa.sso.cambridge.org	1 redirects qa-3.internal.submitforassessment.cambridgeassessment.org.uk
2	unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	qa-3.internal.submitforassessment.cambridgeassessment.org.uk
1	orgs.qa.internal.sso.cambridge.org	proxy.qa.internal.sso.cambridge.org
68	12

This site contains no links.

Subject Issuer	Validity	Valid
qa-3.internal.submitforassessment.cambridgeassessment.org.uk Amazon RSA 2048 M02	`2023-02-22` - `2023-08-29`	6 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
dev.internal.submitforassessment.cambridgeassessment.org.uk Amazon RSA 2048 M02	`2023-06-27` - `2024-07-25`	a year	crt.sh
openid.qa.internal.sso.cambridge.org Amazon RSA 2048 M02	`2023-03-15` - `2024-04-12`	a year	crt.sh
qa.internal.sso.cambridge.org Amazon RSA 2048 M02	`2023-05-28` - `2024-06-25`	a year	crt.sh
*.us1.gigya.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-18` - `2024-05-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
cdns.gigya.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-07` - `2023-12-07`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://proxy.qa.internal.sso.cambridge.org/login
Frame ID: B0950F26F9D02907C3B17E39146E7014
Requests: 52 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Frame ID: 8A438BD1EB34B955849A3DA94D9C15E3
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 63ACD5C43D11E887E54A959E73F67475
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 241DD7E551F974BF11F4C0E56FB563A2
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: FD14B40B6A63109A79918339BA603847
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Frame ID: 9B982A67217284B8993A3B3EA8C26040
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 726FC1186DBB7D7F526DEF49C53F83E3
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 2A907F9927B93F2EBB62983496C509FC
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 4D271B936277DC3ECFC6C9D488805725
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cambridge Login

Page URL History Show full URLs

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/ Page URL
https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BR... HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611... Page URL
https://proxy.qa.internal.sso.cambridge.org/login Page URL

Detected technologies

SAP Customer Data Cloud Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

\.gigya\.com/JS/gigya\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

68
Requests

99 %
HTTPS

36 %
IPv6

7
Domains

12
Subdomains

12
IPs

3
Countries

2321 kB
Transfer

8612 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/ Page URL
https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fqa-3.internal.submitforassessment.cambridgeassessment.org.uk%2Fcallback&response_type=code&scope=openid%20profile%20email%20roles%20orgs%20systemIDs%20claims%20businessStream&state=ff343941a3194f27be7fa9d47ebe1944&code_challenge=VY6z7sPuJYnuRsANh2SKM4U0hTY1pVpp5fyEE2o64zM&code_challenge_method=S256&response_mode=query HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream Page URL
https://proxy.qa.internal.sso.cambridge.org/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fqa-3.internal.submitforassessment.cambridgeassessment.org.uk%2Fcallback&response_type=code&scope=openid%20profile%20email%20roles%20orgs%20systemIDs%20claims%20businessStream&state=ff343941a3194f27be7fa9d47ebe1944&code_challenge=VY6z7sPuJYnuRsANh2SKM4U0hTY1pVpp5fyEE2o64zM&code_challenge_method=S256&response_mode=query HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

68 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
qa-3.internal.submitforassessment.cambridgeassessment.org.uk/ 4 KB
3 KB 73ms
9ms Document
text/html 13.225.78.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-17.fra2.r.cloudfront.net

Software

CloudFront /

Resource Hash

b9d4740f9bf73e5ad28b97391c69f18495c406331ac2acd69cb3c0c77b84d974

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 213209
content-encoding: gzip
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
content-type: text/html
date: Wed, 28 Jun 2023 13:10:01 GMT
etag: W/"4549c800dfe35ead7026a6566ed362f5"
expect-ct: max-age=86400, enforce
last-modified: Mon, 26 Jun 2023 14:03:51 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
x-amz-cf-id: efnGIga-AL9vH5D2Ydk7hB11N3sTTbjqQMJR6LBmmORfRO2pAaHe2A==
x-amz-cf-pop: FRA2-C2
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 65ms
24ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 22:53:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:23:30 GMT

GET
H2 200 4.99df9bc1.chunk.js Show response
qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 599 KB
156 KB 13ms
13ms Script
application/javascript 13.225.78.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/4.99df9bc1.chunk.js

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-17.fra2.r.cloudfront.net

Software

CloudFront /

Resource Hash

d4fee6ceac0b6ecf77c5b5b2686f4894806e7802784c268177ad672970d5b274

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 13:10:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 213209
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 26 Jun 2023 14:03:53 GMT
server: CloudFront
etag: W/"f7d813d5e3a736a1ed9841edc193add7"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: lTUg5dTLq2-5d11IfzbfsrVT5kVSvApC8b9oBmtcbeK7YnkUQ1yRFA==

GET
H2 200 main.64bfe237.chunk.js Show response
qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 14 KB
4 KB 31ms
30ms Script
application/javascript 13.225.78.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/main.64bfe237.chunk.js

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-17.fra2.r.cloudfront.net

Software

CloudFront /

Resource Hash

e60168c59426cb9927809c712fe6f1f1dd9768763f9bec56b211ba0fd5766a7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 13:10:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 213209
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 26 Jun 2023 14:03:53 GMT
server: CloudFront
etag: W/"a0ccb5457fe38099d6b7e2eb5ad77549"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: i6T8k_GriDHiJY-lg7exN58-Kg1p86g2xbcpeRH51teodHI4aZggtA==

GET
H2 200 application.env Show response
qa-3.internal.submitforassessment.cambridgeassessment.org.uk/ 585 B
1 KB 13ms
12ms Fetch
application/octet-stream 13.225.78.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/application.env

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/4.99df9bc1.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-17.fra2.r.cloudfront.net

Software

CloudFront /

Resource Hash

5574f41179b2f77bb0d2bf0cdad80bfc96b6d9a7c4276c303419a2277168bc3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 13:10:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA2-C2
age: 213209
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
content-length: 585
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 26 Jun 2023 14:03:51 GMT
server: CloudFront
etag: "a26505bf4f33546d6bde41267e2ff046"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/octet-stream
accept-ranges: bytes
x-amz-cf-id: Ae3ij6j1Ve4CWx0Y2LepB3SrxxVA-K-JdteUG65--rMt6ofqf1-Xog==

GET
H2 200 2.f12a0b49.chunk.css
qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/css/ 932 B
2 KB 18ms
15ms Stylesheet
text/css 13.225.78.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/css/2.f12a0b49.chunk.css

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-17.fra2.r.cloudfront.net

Software

CloudFront /

Resource Hash

8be99f889daaf99df0ce16ced09e770cc065ab4afc4e01ba3368899526aa1504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 13:10:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA2-C2
age: 213208
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
content-length: 932
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 26 Jun 2023 14:03:51 GMT
server: CloudFront
etag: "75084b1491c88973ef22533045c064b6"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: ikOIzcMVQATu7vsrAnRNYw7JukcnfCdtot9rssTnjUU7HzANPpEFmA==

GET
H2 200 2.e93a756e.chunk.js Show response
qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 4 MB
745 KB 18ms
16ms Script
application/javascript 13.225.78.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.e93a756e.chunk.js

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-17.fra2.r.cloudfront.net

Software

CloudFront /

Resource Hash

8fea5222db0ab39b70aaa7141bd54e553599bd4bb673ddad566061129d39f4e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 13:10:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 213208
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 26 Jun 2023 14:03:52 GMT
server: CloudFront
etag: W/"5939b434f5d108da81c44f4b002d30f6"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: 8_6aRAKl3HG22K7p00f1ensPkPCrJmXdB-XxI7SFJboh_RfiRef3pw==

GET
H2 200 3.de1eab18.chunk.css
qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/css/ 264 B
1 KB 20ms
17ms Stylesheet
text/css 13.225.78.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/css/3.de1eab18.chunk.css

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-17.fra2.r.cloudfront.net

Software

CloudFront /

Resource Hash

348867415261fa24e6f6a3d2aecf01cf24384ad6a1432501dac0b6981d25c52d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 13:10:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA2-C2
age: 213208
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
content-length: 264
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 26 Jun 2023 14:03:51 GMT
server: CloudFront
etag: "d2bb06af44c999cc109a3783a8447360"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: 9ZZg0EshDxlKeWjAxf_yBd76Vdlu5fXI9Gc7zqI7J3XTVYcJ0Sstsw==

GET
H2 200 3.61f848d3.chunk.js Show response
qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 433 KB
98 KB 19ms
17ms Script
application/javascript 13.225.78.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/3.61f848d3.chunk.js

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-17.fra2.r.cloudfront.net

Software

CloudFront /

Resource Hash

da6a52cd7193bff0e5b2db366c4624328ffa470504e3877284663bc3ea57fa13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 13:10:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 213208
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 26 Jun 2023 14:03:52 GMT
server: CloudFront
etag: W/"f9f79601611533c286eb63b02527e82f"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: NnbystiN92byWPQq33dHyOUfBjZZtF5AcenLbVdV7e8zkyDlZ3bapQ==

GET
H2 200 5.7fbdb9e5.chunk.js
qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 456 B
1 KB 14ms
14ms Script
application/javascript 13.225.78.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/5.7fbdb9e5.chunk.js

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-17.fra2.r.cloudfront.net

Software

CloudFront /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 13:10:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA2-C2
age: 213209
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Hit from cloudfront
content-length: 456
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 26 Jun 2023 14:03:53 GMT
server: CloudFront
etag: "817a72a94824ce7dc3bb0ead7d849776"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: Qf6ggp97Zr6Qejxi_oszU-RpDiMcT42-umbhxKHkOIIvc-582alehQ==

OPTIONS
H2 204 proxy
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/ Frame 0
0 97ms
23ms Preflight 13.42.157.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/proxy?sessionId=43468145&appName=sfa&environment=default
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.157.192 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-157-192.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,if-none-match
Access-Control-Request-Method: GET
Origin: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type,if-none-match
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-expose-headers: ETag
access-control-max-age: 172800
date: Sat, 01 Jul 2023 00:23:31 GMT
vary: Access-Control-Request-Headers

GET
H2 200 proxy
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/ 239 B
775 B 24ms
23ms Fetch
application/json 13.42.157.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/proxy?sessionId=43468145&appName=sfa&environment=default
Requested by: Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.e93a756e.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.157.192 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-157-192.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: application/json
Referer
If-None-Match
accept-language: de-DE,de;q=0.9
Authorization: j8iZYKUOqIutukXvc09XvrToZhhUIn3tgSz53y2snfFQpKlyaUmjsiNa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Jul 2023 00:23:31 GMT
etag: W/"ef-fDikMOOGNuxXIHPQiGhFujdLQnU"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag
cache-control: public, max-age=2
content-length: 239

GET
H2 200 openid-configuration
openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/.well-known/ 2 KB
1 KB 235ms
137ms XHR
application/json 13.32.121.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/.well-known/openid-configuration
Requested by: Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.e93a756e.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-36.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:30 GMT
content-encoding: gzip
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 687
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: application/json; charset=utf-8
access-control-allow-origin: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk
x-callid: e5f144857ca14177b4cce71537ad83d8
cache-control: private
access-control-allow-credentials: true
x-server: eu1b-nomad-t9
vary: Origin, Accept-Encoding
x-robots-tag: none
x-amz-cf-id: bGXvxY6WZhn9TM4Jypf4zkQMn-HUTTPqqA5PYvHaUD0JZqH37gg9SQ==

GET
H2

200

proxy Show response
proxy.qa.internal.sso.cambridge.org/
Redirect Chain

https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fqa-3.inte...
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+rol...

1 KB
2 KB

56ms
15ms

Document
text/html

108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

Requested by

Host: qa-3.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.e93a756e.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

ea8ec5abb5ead566d0a812dce194d9c33eb98adae50188bbb9583bce079a6b27

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 163
content-encoding: gzip
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-type: text/html
date: Sat, 01 Jul 2023 00:20:49 GMT
etag: W/"30542a2fd5da6ba72ba88c496aac7f5b"
expect-ct: max-age=86400, enforce
last-modified: Fri, 05 May 2023 07:27:19 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-amz-cf-id: OgGD50rKPo0XG5tCS-SQIYI2ULUru3bT37bZ6sNXD6Eu3frVQcppSA==
x-amz-cf-pop: FRA56-P6
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private
content-length: 0
date: Sat, 01 Jul 2023 00:23:31 GMT
location: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
x-amz-cf-id: 7tQMmyXlM7hkZTU5tUKN8DdGoBsEdFoH_ZvWLl3va2xTpteFY175Mw==
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
x-callid: 2757ce2bf096477899dab83d7e7c6c10
x-error-code: 0
x-robots-tag: none
x-server: eu1b-nomad-t5
x-soa: true, Gator

GET
H2 200 gtm.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 431 B
2 KB 11ms
8ms Script
application/javascript 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:20:49 GMT
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 163
x-cache: Hit from cloudfront
content-length: 431
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "b4ea339817ecc2c95b9870cb27dba7b4"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: nxxuyJLp4fNJCgKL50zJDY0yc5s29Y5aji8W_hPAVAVl6lqQIY6RrQ==

GET
H2 200 loader.css
proxy.qa.internal.sso.cambridge.org/css/ 387 B
2 KB 12ms
8ms Stylesheet
text/css 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/css/loader.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

37e44af3d562bab647fc40f5d6d7210a2abd24202cbd958a9e368c4d8131e61a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:20:51 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 54160
x-cache: Hit from cloudfront
content-length: 387
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "02ecd10b224d4b0e9b9299b18350701c"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: J46hTEph7rkRTvWrcrffCC1TwjTguwV8AyfjDaUAZ6HauQomkjviIQ==

GET
H2 200 back_cache_cleanup.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 203 B
1 KB 12ms
9ms Script
application/javascript 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/back_cache_cleanup.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

cab7810f937780c44d1c93c65e0f8ddc78c912ce97b2c449de2cc8fc6ba264d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 10:42:45 GMT
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 49247
x-cache: Hit from cloudfront
content-length: 203
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "38a9d4dfd48c723df8cef5f1a03c0971"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: peUJXwOLOu1_1LCx8bFVwLQjb__mZiTQw3_awrxwaOJKKpvMZq862A==

GET
H/1.1 200
OK gigya.js Show response
accounts.gigya.com/JS/ 500 KB
164 KB 510ms
279ms Script
text/javascript 18.209.204.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.209.204.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 71f930bb975f7b63a28ed8293124f1a5bbcfb926f142dd26e6ded6924b933ed3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:32 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t9
x-callid: be0f04e53ecf43689fc191a82e0ee81a
x-error-code: 0
x-robots-tag: none
content-length: 167933

GET
H/1.1 200
OK gigya.oidc.js Show response
accounts.gigya.com/JS/ 20 KB
7 KB 344ms
112ms Script
text/javascript 18.209.204.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/JS/gigya.oidc.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.209.204.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: cc5742fc7e0babb1a77efbcb535564a3d28342887863c53b3212c752aad40f0b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:31 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t16
x-callid: 5a3bd8a95e8d465ea73e2b5504f39ae6
x-error-code: 0
x-robots-tag: none
content-length: 6667

GET
H2 200 spinner.svg
proxy.qa.internal.sso.cambridge.org/assets/ 640 B
2 KB 9ms
9ms Image
image/svg+xml 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/spinner.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

2e0881f709571fcfbde8a04cdda3152d0380789f0da81094473c7c0b63c51a85

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:20:49 GMT
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 162
x-cache: Hit from cloudfront
content-length: 640
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: "f143559003fc6e3c7bd0a7966a7e2491"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: s14gnWG-rP7nLGG6HXSyeNnwK9qV6b9P9sCRUm1KA2kpGarkeOY95A==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 108 KB
42 KB 59ms
22ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae943b05dcc0ce275872fd5cb9155ae2638aafa4df35f3aa29d467e5cc80e72c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42858
x-xss-protection: 0
last-modified: Sat, 01 Jul 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 01 Jul 2023 00:23:31 GMT

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
518 B 24ms
22ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/css/loader.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a9013a737d5a92af5fa83b598cbd897ca98275812fea86e8434bd96daa2c0eb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 22:58:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:23:31 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
81 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63ab5ab7e7d1d188d7be3c90ca768c90698ef0d2043a4b35d8996189ba357081

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82710
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 01 Jul 2023 00:23:32 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
268 B 48ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36s0&_p=1822493510&cid=1835363838.1688171012&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1688171012&sct=1&seg=0&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&dt=Cambridge%20Login&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Jul 2023 00:23:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ 6 KB
2 KB 136ms
71ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:32 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 5654629e397440b5b46b3d82cd58565f
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t8
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2169

GET
H2 200 Api.aspx Show response
cdns.eu1.gigya.com/gs/webSdk/ Frame 8A43 121 KB
43 KB 45ms
23ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

58b5c24df15a4608641943188bfb61654dee116a32ccb0c03b8e703068840153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 43588
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:23:32 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 62ee47c3c7dc402ca00d876551419bc5
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t4
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 8A43 6 KB
2 KB 8ms
8ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:32 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 5654629e397440b5b46b3d82cd58565f
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t8
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2169

GET
H2 200 accounts.webSdkBootstrap Show response
openid.qa.internal.sso.cambridge.org/ 199 B
1 KB 177ms
138ms XHR
text/javascript 13.32.121.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.internal.sso.cambridge.org/accounts.webSdkBootstrap?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&pageURL=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&sdk=js_latest&sdkBuild=13987&format=json
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-36.fra60.r.cloudfront.net
Software: /
Resource Hash: 15a55242da259d492394c0f4ef5d1cfa006017e482288b7e34467ae511cef113

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:32 GMT
content-encoding: gzip
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 173
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
x-callid: a4599a36b3164032b9ee5e55808976d0
cache-control: private
access-control-allow-credentials: true
x-server: eu1a-nomad-t3
vary: Origin, Accept-Encoding
x-robots-tag: none
x-amz-cf-id: rK3KGyebtoK8-w15jVLx80mGY6jCkeJjincqy6K7DRB5n_s2RYTVfQ==

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 63AC 93 KB
32 KB 16ms
16ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:23:32 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 241D 93 KB
32 KB 12ms
11ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:23:32 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 241D 6 KB
2 KB 10ms
10ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:32 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 63AC 6 KB
2 KB 9ms
9ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:32 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

GET
H2 200 Primary Request login Show response
proxy.qa.internal.sso.cambridge.org/ 866 B
2 KB 10ms
9ms Document
text/html 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/login

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.oidc.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

b3cb958c763e40d68d9ac3c63b676de4ad1b32d0e642a205fecaadf200a9abe3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 49246
content-length: 866
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-type: text/html
date: Fri, 30 Jun 2023 10:42:48 GMT
etag: "8ce8b59496aee2ded64d5660a9bf3e70"
expect-ct: max-age=86400, enforce
last-modified: Fri, 05 May 2023 07:27:19 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-amz-cf-id: wZqYaFxbPsnFFJP79GKY2uHs8K29m3Oa_ayfRHh9NKaPvoKfWa8IjQ==
x-amz-cf-pop: FRA56-P6
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 sso.htm
cdns.eu1.gigya.com/gs/ Frame FD14 93 KB
0 7ms
7ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:23:33 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

POST collect
region1.google-analytics.com/g/ 0
0

GET
H/1.1 200
OK gigya.js Show response
accounts.gigya.com/js/ 500 KB
164 KB 116ms
116ms Script
text/javascript 18.209.204.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.209.204.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 71f930bb975f7b63a28ed8293124f1a5bbcfb926f142dd26e6ded6924b933ed3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:32 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t7
x-callid: f95583b43bfc45978e1f9a1309454619
x-error-code: 0
x-robots-tag: none
content-length: 167933

GET
H2 200 gtm.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 431 B
2 KB 11ms
10ms Script
application/javascript 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:20:49 GMT
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 165
x-cache: Hit from cloudfront
content-length: 431
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "b4ea339817ecc2c95b9870cb27dba7b4"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: C_1XHTR7ZYuhaTITIwUC2iEOd6aP_CK9QfadKo-ixBxZxdisMEPlbQ==

GET
H2 200 constants.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 666 B
2 KB 9ms
9ms Script
application/javascript 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/constants.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

31ce1a469a82b6529e12267ea27792addd9284a3b769eb8789551516f52b0448

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 10:42:48 GMT
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 49246
x-cache: Hit from cloudfront
content-length: 666
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "bef83bc451aa5912bda92b7264049966"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: h5VCPbaLm1YTpcllbqV-XF78h7G05BkwIBjXh-qvaTqcUZ9nKmSfRw==

GET
H2 200 loginUtils.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 3 KB
2 KB 10ms
9ms Script
application/javascript 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/loginUtils.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

59d3a762b8633b4cc9aa5b9d68fc4810aa63ae31723615e21408303adfd2f057

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:22:30 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 64
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: W/"635ff0cc57a85419561b55894c66bf46"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: sZ3YwxIljnI6O_HwuYUKuoIOWTAztMNF4nIlQ8rb1S3Tw2O0NddB2Q==

GET
H2 200 login.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 341 B
1 KB 10ms
10ms Script
application/javascript 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/login.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

3a213b9803edeb8427b9361ac14abbba4dce40daf744f057158190e3bae93233

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:22:30 GMT
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 64
x-cache: Hit from cloudfront
content-length: 341
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "986f27a6adcc3062fb06b57457fa31dd"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: xijWjbyVSNcgIOmVLc6N5LJZ1pFN8g9KqVHE2imkkPKxP8d-UmNONQ==

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ 6 KB
2 KB 10ms
10ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 5654629e397440b5b46b3d82cd58565f
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t8
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2169

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 108 KB
42 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4dc04338a104ada17d2d30ec9f6b8a07dc27f80b058a2ba0f7a317fbcc99a612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42868
x-xss-protection: 0
last-modified: Sat, 01 Jul 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 01 Jul 2023 00:23:33 GMT

GET
H2 200 _a_gooYPMTmWpZ_BXOn9qqpc Show response
orgs.qa.internal.sso.cambridge.org/client/ 45 B
166 B 302ms
123ms Fetch
application/json 35.176.172.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://orgs.qa.internal.sso.cambridge.org/client/_a_gooYPMTmWpZ_BXOn9qqpc
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/loginUtils.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.176.172.170 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-176-172-170.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: 938bbc57164ca1406278f7dd6873bf9613774436c49c4477afeab46de72c1e35

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 01 Jul 2023 00:23:33 GMT
content-length: 45
apigw-requestid: HW7A5jKvLPEEMnw=
content-type: application/json

GET
H2 200 Api.aspx Show response
cdns.eu1.gigya.com/gs/webSdk/ Frame 9B98 121 KB
43 KB 8ms
8ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

58b5c24df15a4608641943188bfb61654dee116a32ccb0c03b8e703068840153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 43588
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:23:33 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 62ee47c3c7dc402ca00d876551419bc5
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t4
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 9B98 6 KB
2 KB 8ms
7ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 5654629e397440b5b46b3d82cd58565f
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t8
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2169

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
81 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bca684e82066141015e913884818fe7d188663160d8eb8ec1fe6d988e25b1c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82824
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 01 Jul 2023 00:23:33 GMT

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 726F 93 KB
32 KB 66ms
66ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:23:33 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 2A90 93 KB
32 KB 65ms
65ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:23:33 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 18ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36s0&_p=1755180646&cid=1835363838.1688171012&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1688171012&sct=1&seg=1&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Flogin&dt=Cambridge%20Login&en=page_view
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Jul 2023 00:23:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 726F 6 KB
2 KB 48ms
48ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 2A90 6 KB
2 KB 30ms
30ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

GET
H/1.1 200
OK gigya.services.plugins.base.min.js Show response
accounts.gigya.com/js/ 577 KB
174 KB 106ms
105ms Script
text/javascript 18.209.204.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/js/gigya.services.plugins.base.min.js?services=gigya.services.accounts.plugins.screenSet&lang=en&version=latest
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.209.204.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 6255d3928bafd4525699c8ad2b13f6c57ddf7395ceeb0f6c225a09c10620ff49

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t9
x-callid: 3f00b3a2992a4f6986154d521613eda9
x-error-code: 0
x-robots-tag: none
content-length: 178061

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 4D27 93 KB
32 KB 50ms
50ms Document
text/html 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-16-250.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32877
content-type: text/html; charset=utf-8
date: Sat, 01 Jul 2023 00:23:33 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 4c3b9aa7ded646aaa83b7553c3aa5387
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t12
x-soa: true, Gator

GET
H2 200 accounts.getScreenSets Show response
openid.qa.internal.sso.cambridge.org/ 305 KB
56 KB 153ms
152ms XHR
text/javascript 13.32.121.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.internal.sso.cambridge.org/accounts.getScreenSets?screenSetIDs=CambridgeLogin-RegistrationLogin&include=html%2Ccss%2Cjavascript%2Ctranslations%2C&lang=en&APIKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&source=showScreenSet&sdk=js_latest&pageURL=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Flogin&sdkBuild=13987&format=json&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-36.fra60.r.cloudfront.net
Software: /
Resource Hash: dd4ca6b707a1b685212a8b750c446cfc5798004021e6ea84d950ab75ed77b254

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: gzip
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 56483
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
x-callid: e0a87e14bf744907b4ff15b5719948f4
cache-control: private
access-control-allow-credentials: true
x-server: eu1a-nomad-t10
vary: Origin,Accept-Encoding
x-robots-tag: none
x-amz-cf-id: ShFIEDOpj3hi6fxRVZ71MIU2CweswzsVAxCZplFb4556IMubtJukKw==

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 4D27 6 KB
2 KB 7ms
7ms Fetch
text/javascript 184.30.16.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.250 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 0a446a8befa94f7c97dc79047269b0da
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2151

GET
H3 200 css2
fonts.googleapis.com/ 10 KB
790 B 32ms
26ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400;600;700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

029bb5d248019deb70476021d41809a4922c550bd730d66cfa1c3f6840bbee75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 22:52:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:23:34 GMT

GET
H3 200 css2
fonts.googleapis.com/ 8 KB
603 B 32ms
27ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3dd5fbdf219d660d206f06bd5e0b4aaf1298c6f795a196ddceb3a69526947f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 22:57:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:23:34 GMT

GET
H3 200 icon
fonts.googleapis.com/ 569 B
366 B 33ms
27ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Jul 2023 00:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 01 Jul 2023 00:23:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Jul 2023 00:23:34 GMT

GET
H2 200 CambridgePressAssessmentLogo.svg
proxy.qa.internal.sso.cambridge.org/assets/ 147 KB
58 KB 9ms
9ms Image
image/svg+xml 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/CambridgePressAssessmentLogo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

93035f19fba8a6a8fe5aa92f085a19f164444e215896d52d0bd8a763670ce946

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:20:58 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-content-type-options: nosniff
age: 54157
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"afad4c0fd68e2165d20647f207071223"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: PgnEsq4rQtxZNaTpjC3I0C1f3mtP099g5Kbdqf_2CkVxrG2_OWg6eg==

GET
H2 200 staffAccountSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 146 KB
56 KB 15ms
14ms Image
image/svg+xml 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/staffAccountSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

0135dfbfabdcc3b666a123269e2bf6b73d2bba7b9498b92c7ea80d32799c03d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:22:31 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 64
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"dd33a40f5a91c7a7de45e35c56864052"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: n82JQpChz2fKGdnvcp78yms_6ug0DzyWEKuszScIU1Z5ztivzQxQdQ==

GET
H/1.1 200
OK gigya.services.socialize.plugins.login_v2.min.js Show response
accounts.gigya.com/js/ 61 KB
19 KB 107ms
107ms Script
text/javascript 18.209.204.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/js/gigya.services.socialize.plugins.login_v2.min.js?lang=en&version=latest
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.209.204.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 61c182c95dd0c09f8f25727f809c7daed9efe96c20d4fe7b26cbf0463a3e9ae8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 00:23:33 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t14
x-callid: dfe9daa8037d41c6bfe42b882a31bcea
x-error-code: 0
x-robots-tag: none
content-length: 18835

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 62ms
27ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://proxy.qa.internal.sso.cambridge.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:31:10 GMT
x-content-type-options: nosniff
age: 557544
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 13:31:10 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 15 KB
15 KB 48ms
13ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://proxy.qa.internal.sso.cambridge.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 18:52:01 GMT
x-content-type-options: nosniff
age: 365493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Jun 2024 18:52:01 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 14 KB
15 KB 51ms
16ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://proxy.qa.internal.sso.cambridge.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 18:52:01 GMT
x-content-type-options: nosniff
age: 365493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Jun 2024 18:52:01 GMT

GET
H2 200 facebookSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 8 KB
4 KB 10ms
9ms Image
image/svg+xml 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/facebookSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

2ff3d18561746c163cfd077f333a92f70db5ab24835cd0e8e9ca384e1fbd86e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:20:58 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-content-type-options: nosniff
age: 54157
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"1fe3618466992908d0832f47565bcff8"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: r9ffx3-OGgddbWSpUu1WC85k77GZKkWTH6xoZkzA2m4FXsm0CnY92w==

GET
H2 200 googleSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 9 KB
5 KB 11ms
10ms Image
image/svg+xml 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/googleSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

9a37f16657c987d4c8522be91253e750908ee76772ec7449fe190c5a3dceddce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:20:58 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-content-type-options: nosniff
age: 54157
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"57a0a02bc947df18c15feeff5581f9cd"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: 5KlNDy62v8fJ6aCF99rf48LlLoF96M_5yC0HrLjBmuDOZotPF-7s9Q==

GET
H2 200 appleSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 12 KB
6 KB 11ms
11ms Image
image/svg+xml 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/appleSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

f0d48b46d5263a011ccb2015efe852afea12cb1bc68883ced508d86c605cf594

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 10:42:50 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 49245
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"df2aba54eaa236cfe3e724372e141f8b"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: z5me_D4jFjaOumUch7HsmEZY4d4sFUHbYZDjnnNxhLYH1S-W9fNb9Q==

GET
H2 200 microsoftSignIn.svg
proxy.qa.internal.sso.cambridge.org/assets/ 8 KB
4 KB 12ms
11ms Image
image/svg+xml 108.138.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/microsoftSignIn.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-112.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

4b41ba703b52195e14577eabf218b29d84c5676417797c7453598c6b3dcfd745

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://proxy.qa.internal.sso.cambridge.org/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sat, 01 Jul 2023 00:22:31 GMT
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 64
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: W/"008d26dd4f342de2f5b896a5676583c1"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: orvdAWSHl5Gl_n6WYYvCjhGEdNjwRKc7oGadNMn9zF9mOzeC9Te9UQ==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36s0&_p=1822493510&cid=1835363838.1688171012&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1688171012&sct=1&seg=0&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&dt=Cambridge%20Login&en=scroll&epn.percent_scrolled=90&_et=3

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cambridge.org/	1970-01-20 22:32:11	Name: _ga Value: GA1.1.1835363838.1688171012
.proxy.qa.internal.sso.cambridge.org/	1969-12-31 23:59:59	Name: gig_canary Value: false
.proxy.qa.internal.sso.cambridge.org/	1969-12-31 23:59:59	Name: gig_canary_ver Value: 14068-3-28136190
.openid.qa.internal.sso.cambridge.org/	1970-01-20 21:43:13	Name: gmid Value: gmid.ver4.AcbH0kOGag.pI4Nga2YoPO6oaBsJnbgTw4GFgEbxqeqPF0s3MGeM9RROkn1Ezp3x1VdiqMrg7aC.001x2GJ8jNdcr0jX2AidNAkcJkWI9ZDuwjbLDKI7-9cJKv5xLDr_rdYlo_J7ddI2_5DBTNx7WZeQ-aMQdW4ZlQ.sc3
.openid.qa.internal.sso.cambridge.org/	1970-01-20 21:43:13	Name: ucid Value: YibaMrhgitR6xqT1itaIOw
.openid.qa.internal.sso.cambridge.org/	1970-01-20 17:21:12	Name: hasGmid Value: ver4
.qa.internal.sso.cambridge.org/	1970-01-20 21:41:47	Name: gig_bootstrap_3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit Value: openid_ver4
.cdns.eu1.gigya.com/	1970-01-20 21:41:47	Name: gig_canary_3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN Value: false
.cdns.eu1.gigya.com/	1970-01-20 21:41:47	Name: gig_canary_ver_3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN Value: 14068-3-28136190
.cdns.eu1.gigya.com/	1970-01-20 21:41:47	Name: apiDomain_3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN Value: openid.qa.internal.sso.cambridge.org
.cambridge.org/	1970-01-20 22:32:11	Name: _ga_QBZ91CH3NC Value: GS1.1.1688171012.1.1.1688171013.0.0.0

233 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://qa-3.internal.submitforassessment.cambridgeassessment.org.uk/ Message: The Content Security Policy directive 'sandbox' is ignored when delivered in a report-only policy.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	warning	URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.VxVzsOTIganTkPqB1PXah7tI5Yc96yTeQS_6grfS7Ho.1688171611&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://proxy.qa.internal.sso.cambridge.org/login Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.gigya.com
cdns.eu1.gigya.com
fonts.googleapis.com
fonts.gstatic.com
openid.qa.internal.sso.cambridge.org
openid.qa.sso.cambridge.org
orgs.qa.internal.sso.cambridge.org
proxy.qa.internal.sso.cambridge.org
qa-3.internal.submitforassessment.cambridgeassessment.org.uk
region1.google-analytics.com
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk
www.googletagmanager.com
region1.google-analytics.com
108.138.7.112
13.225.78.17
13.32.121.36
13.42.157.192
18.209.204.66
184.30.16.250
2001:4860:4802:34::36
2a00:1450:4001:806::200a
2a00:1450:4001:813::2003
2a00:1450:4001:82b::2008
35.176.172.170
0135dfbfabdcc3b666a123269e2bf6b73d2bba7b9498b92c7ea80d32799c03d3
029bb5d248019deb70476021d41809a4922c550bd730d66cfa1c3f6840bbee75
074aa246095f6db27a073d8692e802bca9cfac42a9f0692b50f35b712675cd08
15a55242da259d492394c0f4ef5d1cfa006017e482288b7e34467ae511cef113
2e0881f709571fcfbde8a04cdda3152d0380789f0da81094473c7c0b63c51a85
2ff3d18561746c163cfd077f333a92f70db5ab24835cd0e8e9ca384e1fbd86e7
31ce1a469a82b6529e12267ea27792addd9284a3b769eb8789551516f52b0448
348867415261fa24e6f6a3d2aecf01cf24384ad6a1432501dac0b6981d25c52d
37e44af3d562bab647fc40f5d6d7210a2abd24202cbd958a9e368c4d8131e61a
3a213b9803edeb8427b9361ac14abbba4dce40daf744f057158190e3bae93233
3dd5fbdf219d660d206f06bd5e0b4aaf1298c6f795a196ddceb3a69526947f66
4b41ba703b52195e14577eabf218b29d84c5676417797c7453598c6b3dcfd745
4dc04338a104ada17d2d30ec9f6b8a07dc27f80b058a2ba0f7a317fbcc99a612
5574f41179b2f77bb0d2bf0cdad80bfc96b6d9a7c4276c303419a2277168bc3b
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
58b5c24df15a4608641943188bfb61654dee116a32ccb0c03b8e703068840153
59d3a762b8633b4cc9aa5b9d68fc4810aa63ae31723615e21408303adfd2f057
61c182c95dd0c09f8f25727f809c7daed9efe96c20d4fe7b26cbf0463a3e9ae8
6255d3928bafd4525699c8ad2b13f6c57ddf7395ceeb0f6c225a09c10620ff49
63ab5ab7e7d1d188d7be3c90ca768c90698ef0d2043a4b35d8996189ba357081
71f930bb975f7b63a28ed8293124f1a5bbcfb926f142dd26e6ded6924b933ed3
7908a97d7bfb5c833728288c612bb5af0275859c524c14bed8c714b25397ac94
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd
8be99f889daaf99df0ce16ced09e770cc065ab4afc4e01ba3368899526aa1504
8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9
8fea5222db0ab39b70aaa7141bd54e553599bd4bb673ddad566061129d39f4e1
93035f19fba8a6a8fe5aa92f085a19f164444e215896d52d0bd8a763670ce946
938bbc57164ca1406278f7dd6873bf9613774436c49c4477afeab46de72c1e35
9a37f16657c987d4c8522be91253e750908ee76772ec7449fe190c5a3dceddce
9e9a73edb3e7d191f1bf3a86ba22245af1f36567d35ad42df0420ad0ad181862
a9013a737d5a92af5fa83b598cbd897ca98275812fea86e8434bd96daa2c0eb3
ae943b05dcc0ce275872fd5cb9155ae2638aafa4df35f3aa29d467e5cc80e72c
b3cb958c763e40d68d9ac3c63b676de4ad1b32d0e642a205fecaadf200a9abe3
b9d4740f9bf73e5ad28b97391c69f18495c406331ac2acd69cb3c0c77b84d974
bca684e82066141015e913884818fe7d188663160d8eb8ec1fe6d988e25b1c2a
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
cab7810f937780c44d1c93c65e0f8ddc78c912ce97b2c449de2cc8fc6ba264d6
cc5742fc7e0babb1a77efbcb535564a3d28342887863c53b3212c752aad40f0b
d4fee6ceac0b6ecf77c5b5b2686f4894806e7802784c268177ad672970d5b274
da6a52cd7193bff0e5b2db366c4624328ffa470504e3877284663bc3ea57fa13
dd4ca6b707a1b685212a8b750c446cfc5798004021e6ea84d950ab75ed77b254
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e60168c59426cb9927809c712fe6f1f1dd9768763f9bec56b211ba0fd5766a7c
ea8ec5abb5ead566d0a812dce194d9c33eb98adae50188bbb9583bce079a6b27
f0d48b46d5263a011ccb2015efe852afea12cb1bc68883ced508d86c605cf594

proxy.qa.internal.sso.cambridge.org Open in urlscan Pro 108.138.7.112 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

68 Requests

99 %HTTPS

36 %IPv6

7 Domains

12 Subdomains

12 IPs

3 Countries

2321 kBTransfer

8612 kBSize

11 Cookies

0 Outgoing links

Page URL History

Redirected requests

68 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

proxy.qa.internal.sso.cambridge.org Open in urlscan Pro
108.138.7.112 Public Scan

Screenshot
Live screenshot

Full Image

68
Requests

99 %
HTTPS

36 %
IPv6

7
Domains

12
Subdomains

12
IPs

3
Countries

2321 kB
Transfer

8612 kB
Size

11
Cookies

68 HTTP transactions
0 data transactions