proxy.qa.internal.sso.cambridge.org Open in urlscan Pro
108.138.7.17 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dev.internal.submitforassessment.cambridgeassessment.org.uk/
Effective URL:
https://proxy.qa.internal.sso.cambridge.org/login
Submission: On June 26 via automatic, source certstream-suspicious (June 26th 2023, 3:48:59 am UTC) — Scanned from DE

Summary HTTP 55 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 6 domains to perform 55 HTTP transactions. The main IP is 108.138.7.17, located in United States and belongs to AMAZON-02, US. The main domain is proxy.qa.internal.sso.cambridge.org.
TLS certificate: Issued by Amazon RSA 2048 M02 on May 28th 2023. Valid for: a year.

This is the only time proxy.qa.internal.sso.cambridge.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	13.32.99.85 13.32.99.85	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
2	35.178.99.190 35.178.99.190	16509 (AMAZON-02) (AMAZON-02)
1 4	13.32.121.36 13.32.121.36	16509 (AMAZON-02) (AMAZON-02)
10	108.138.7.17 108.138.7.17	16509 (AMAZON-02) (AMAZON-02)
4	107.23.218.60 107.23.218.60	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
16	23.213.165.54 23.213.165.54	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.169.210.15 18.169.210.15	() ()
55	11

9 13.32.99.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-85.fra60.r.cloudfront.net

dev.internal.submitforassessment.cambridgeassessment.org.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.178.99.190 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-178-99-190.eu-west-2.compute.amazonaws.com

unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.121.36 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-36.fra60.r.cloudfront.net

openid.qa.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
openid.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 108.138.7.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-17.fra56.r.cloudfront.net

proxy.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 107.23.218.60 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: lb-d.us1.gigya.com

accounts.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 23.213.165.54 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-213-165-54.deploy.static.akamaitechnologies.com

cdns.eu1.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.169.210.15 (None, )

ASN- ()

orgs.qa.internal.sso.cambridge.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	gigya.com accounts.gigya.com cdns.eu1.gigya.com — Cisco Umbrella Rank: 17210	779 KB
15	cambridge.org 1 redirects openid.qa.sso.cambridge.org proxy.qa.internal.sso.cambridge.org openid.qa.internal.sso.cambridge.org orgs.qa.internal.sso.cambridge.org	20 KB
11	cambridgeassessment.org.uk dev.internal.submitforassessment.cambridgeassessment.org.uk unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	1012 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	246 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1832	286 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 80	2 KB
55	6

	Domain	Requested by
16	cdns.eu1.gigya.com	accounts.gigya.com cdns.eu1.gigya.com
10	proxy.qa.internal.sso.cambridge.org	dev.internal.submitforassessment.cambridgeassessment.org.uk proxy.qa.internal.sso.cambridge.org accounts.gigya.com
9	dev.internal.submitforassessment.cambridgeassessment.org.uk	dev.internal.submitforassessment.cambridgeassessment.org.uk
4	www.googletagmanager.com	proxy.qa.internal.sso.cambridge.org www.googletagmanager.com
4	accounts.gigya.com	proxy.qa.internal.sso.cambridge.org accounts.gigya.com
2	openid.qa.internal.sso.cambridge.org	accounts.gigya.com
2	region1.google-analytics.com	www.googletagmanager.com
2	openid.qa.sso.cambridge.org	1 redirects dev.internal.submitforassessment.cambridgeassessment.org.uk
2	unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk	dev.internal.submitforassessment.cambridgeassessment.org.uk
2	fonts.googleapis.com	dev.internal.submitforassessment.cambridgeassessment.org.uk proxy.qa.internal.sso.cambridge.org
1	orgs.qa.internal.sso.cambridge.org	proxy.qa.internal.sso.cambridge.org
55	11

This site contains no links.

Subject Issuer	Validity	Valid
dev.internal.submitforassessment.cambridgeassessment.org.uk Amazon RSA 2048 M01	`2023-02-21` - `2023-08-24`	6 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
openid.qa.internal.sso.cambridge.org Amazon RSA 2048 M02	`2023-03-15` - `2024-04-12`	a year	crt.sh
qa.internal.sso.cambridge.org Amazon RSA 2048 M02	`2023-05-28` - `2024-06-25`	a year	crt.sh
*.us1.gigya.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-18` - `2024-05-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
cdns.gigya.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-07` - `2023-12-07`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://proxy.qa.internal.sso.cambridge.org/login
Frame ID: 370D394C60A057E63935F28DD46C716E
Requests: 39 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Frame ID: F275BB9CE87BA9AA704AFA694D1CB708
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 21880DBCF2BEDDFC8B15B22126987CA1
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 4745403A75EAC17A9F83115D135F65BA
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 30979CB047DD4A3B16DA346805F4549A
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Frame ID: 8AD64ECB93B06BF39B4FE02FD15A7CBE
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 0A2D9C281DB25B0524D50D4C6A5A2A7B
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 3A372C880318B0B78D3CDC771797DDB4
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Frame ID: 3DDB23567F5C2CF2B70B90FA88D35BFF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cambridge Login

Page URL History Show full URLs

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/ Page URL
https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BR... HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936... Page URL
https://proxy.qa.internal.sso.cambridge.org/login Page URL

Detected technologies

SAP Customer Data Cloud Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

\.gigya\.com/JS/gigya\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

55
Requests

96 %
HTTPS

30 %
IPv6

6
Domains

11
Subdomains

11
IPs

3
Countries

2060 kB
Transfer

8055 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/ Page URL
https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fdev.internal.submitforassessment.cambridgeassessment.org.uk%2Fcallback&response_type=code&scope=openid%20profile%20email%20roles%20orgs%20systemIDs%20claims%20businessStream&state=8c3a0bde5458435cb10d4d1a88c0ac22&code_challenge=rCD3Ny0Rp4zRcg0GoRUnXtTXwA3gCWa5TLuVL3h2_h8&code_challenge_method=S256&response_mode=query HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream Page URL
https://proxy.qa.internal.sso.cambridge.org/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fdev.internal.submitforassessment.cambridgeassessment.org.uk%2Fcallback&response_type=code&scope=openid%20profile%20email%20roles%20orgs%20systemIDs%20claims%20businessStream&state=8c3a0bde5458435cb10d4d1a88c0ac22&code_challenge=rCD3Ny0Rp4zRcg0GoRUnXtTXwA3gCWa5TLuVL3h2_h8&code_challenge_method=S256&response_mode=query HTTP 302
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

55 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
dev.internal.submitforassessment.cambridgeassessment.org.uk/ 4 KB
3 KB 65ms
21ms Document
text/html 13.32.99.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-85.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

2a59fe4db83d881fc7ac349a0a42b3a651079eff50b563a1b04cf5d81afce41c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23
content-encoding: gzip
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
content-type: text/html
date: Mon, 26 Jun 2023 03:48:30 GMT
etag: W/"e1d2ab162af029b2f624cf3f5a14355f"
expect-ct: max-age=86400, enforce
last-modified: Thu, 01 Jun 2023 10:37:12 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
x-amz-cf-id: Z6nNWLG8sWoweU8B_GBP_m-6eZOagH4Sp-vbaM466x_LLAnin2GfLA==
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 131ms
44ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 26 Jun 2023 03:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 03:12:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Jun 2023 03:48:54 GMT

GET
H2 200 4.99df9bc1.chunk.js Show response
dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 599 KB
156 KB 471ms
470ms Script
application/javascript 13.32.99.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/4.99df9bc1.chunk.js

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-85.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

d4fee6ceac0b6ecf77c5b5b2686f4894806e7802784c268177ad672970d5b274

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 01 Jun 2023 10:37:14 GMT
server: CloudFront
etag: W/"fa70441d8b1dea19dc5a114c46031aa8"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: X6bxu5Y8NLF99QYCj0dPItNdG4xSPSPSFnja_fYAi6JDTzhDLH_NhQ==

GET
H2 200 main.1bdf1ed0.chunk.js Show response
dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 14 KB
4 KB 535ms
534ms Script
application/javascript 13.32.99.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/main.1bdf1ed0.chunk.js

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-85.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

c86462796803501129c23a36fda51d6e2798350cfcdd86ca73f6138a1c17fe88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 01 Jun 2023 10:37:15 GMT
server: CloudFront
etag: W/"62783cf61beef30bd91df37623b9f395"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: 2Db2XsOZ0Nl_7CnYMiOyfljO91cy8qduxq_EopnY9TRq6AyhTv2Xuw==

GET
H2 200 application.env Show response
dev.internal.submitforassessment.cambridgeassessment.org.uk/ 584 B
1 KB 222ms
222ms Fetch
application/octet-stream 13.32.99.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/application.env

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/4.99df9bc1.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-85.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

0c1ef5a32b2dcf474faedb663871b53998c022d78d069256e6a8fcae1e882c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA60-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 584
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 01 Jun 2023 10:37:12 GMT
server: CloudFront
etag: "07df0cdfde65cf1f5df5719dc3c3f3da"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/octet-stream
accept-ranges: bytes
x-amz-cf-id: ag0jLspbb1gpqSmCMQ7yzMHFcI6g6cCj3ZRY9663ICyZljeCPDX8xA==

GET
H2 200 2.f12a0b49.chunk.css
dev.internal.submitforassessment.cambridgeassessment.org.uk/static/css/ 932 B
2 KB 237ms
236ms Stylesheet
text/css 13.32.99.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/css/2.f12a0b49.chunk.css

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-85.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

8be99f889daaf99df0ce16ced09e770cc065ab4afc4e01ba3368899526aa1504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA60-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 932
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 01 Jun 2023 10:37:12 GMT
server: CloudFront
etag: "c8f0143b6ead25aa3834ec1ccc0ad5e6"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: -dqkxEvcGZ2SYgN69DrsZqjVMza5WQwwBnYExKznMk80QAZOTyixSA==

GET
H2 200 2.01147f64.chunk.js Show response
dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 4 MB
746 KB 291ms
289ms Script
application/javascript 13.32.99.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.01147f64.chunk.js

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-85.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

b3e48be6c2d89a6685774e3b2a45da8263044ed643ab974ff6974475e832ef71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 01 Jun 2023 10:37:13 GMT
server: CloudFront
etag: W/"54967eacb105f340787a75991121b2cd"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: Oajpxv6Hj7s85hs7sbf-bBURyB8TIdNL6PFeo839XgIkCum1WMYVNg==

GET
H2 200 3.de1eab18.chunk.css
dev.internal.submitforassessment.cambridgeassessment.org.uk/static/css/ 264 B
1 KB 225ms
223ms Stylesheet
text/css 13.32.99.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/css/3.de1eab18.chunk.css

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-85.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

348867415261fa24e6f6a3d2aecf01cf24384ad6a1432501dac0b6981d25c52d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA60-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 264
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 01 Jun 2023 10:37:12 GMT
server: CloudFront
etag: "852e6bb6c4e29ec0de1a4a1ac11a37cf"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: WVcvrEp-ZC4sQN4ztlXOzmYsea7lPohQATuLnGkzP-XU61pl2VFo8A==

GET
H2 200 3.ee6f1822.chunk.js Show response
dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 429 KB
97 KB 305ms
304ms Script
application/javascript 13.32.99.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/3.ee6f1822.chunk.js

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-85.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

1d1bcf52e5764e7beabdd774eed4fa0214834890f09272af2ef9e6e40263d633

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 01 Jun 2023 10:37:14 GMT
server: CloudFront
etag: W/"7223641f8c9c5cd1f079a885102567eb"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: SBACzMBIO15pmAWzG7eWdG48AqvfKMyLzO2GVVRwr8yGhwwM2t6GiA==

GET
H2 200 5.2a211474.chunk.js Show response
dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/ 456 B
1 KB 214ms
214ms Script
application/javascript 13.32.99.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/5.2a211474.chunk.js

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-85.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

8d7a9fe0964b6bbb2ec8b51f7ade0df672f610336a11faf147cc5cc2d5f819d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA60-P3
content-security-policy-report-only: default-src 'self' *.cambridgeassessment.org.uk *.cambridge.org https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts
x-cache: Miss from cloudfront
content-length: 456
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 01 Jun 2023 10:37:14 GMT
server: CloudFront
etag: "c2ba17484bed0af330288fced5b0f4e0"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: OrmkVzhhicIrKwSSpqHB_N2KfE1XViz-7If2dWcGcpYuNoQKTyyvnA==

OPTIONS
H2 204 proxy
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/ Frame 0
0 71ms
22ms Preflight 35.178.99.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/proxy?sessionId=135156926&appName=sfa&environment=default
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.178.99.190 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-178-99-190.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,if-none-match
Access-Control-Request-Method: GET
Origin: https://dev.internal.submitforassessment.cambridgeassessment.org.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type,if-none-match
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-expose-headers: ETag
access-control-max-age: 172800
date: Mon, 26 Jun 2023 03:48:55 GMT
vary: Access-Control-Request-Headers

GET
H2 200 proxy Show response
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/ 239 B
778 B 24ms
24ms Fetch
application/json 35.178.99.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk/proxy?sessionId=135156926&appName=sfa&environment=default
Requested by: Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.01147f64.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.178.99.190 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-178-99-190.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: 25277bed5999a04697d2b7f3a8b28aa3b31dda9d71dd87a103a48b28b171458d

Request headers

Accept: application/json
Referer
If-None-Match
accept-language: de-DE,de;q=0.9
Authorization: j8iZYKUOqIutukXvc09XvrToZhhUIn3tgSz53y2snfFQpKlyaUmjsiNa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Jun 2023 03:48:55 GMT
etag: W/"ef-fDikMOOGNuxXIHPQiGhFujdLQnU"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag
cache-control: public, max-age=2
content-length: 239

GET
H2 200 openid-configuration
openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/.well-known/ 2 KB
1 KB 241ms
141ms XHR
application/json 13.32.121.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/.well-known/openid-configuration
Requested by: Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.01147f64.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-36.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:55 GMT
content-encoding: gzip
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 687
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: application/json; charset=utf-8
access-control-allow-origin: https://dev.internal.submitforassessment.cambridgeassessment.org.uk
x-callid: 77c7861442c74dc39710f7a0829dae95
cache-control: private
access-control-allow-credentials: true
x-server: eu1b-nomad-t7
vary: Origin, Accept-Encoding
x-robots-tag: none
x-amz-cf-id: NEtuec5Rj2TA2II19pLNO43fwtjS649CzS2zXmcih-avzzWwpZRNHw==

GET
H2

200

proxy Show response
proxy.qa.internal.sso.cambridge.org/
Redirect Chain

https://openid.qa.sso.cambridge.org/oidc/op/v1.0/3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit/authorize?client_id=_a_gooYPMTmWpZ_BXOn9qqpc&redirect_uri=https%3A%2F%2Fdev.inter...
https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+rol...

1 KB
2 KB

82ms
9ms

Document
text/html

108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

Requested by

Host: dev.internal.submitforassessment.cambridgeassessment.org.uk
URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/static/js/2.01147f64.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

ea8ec5abb5ead566d0a812dce194d9c33eb98adae50188bbb9583bce079a6b27

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 51432
content-encoding: gzip
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-type: text/html
date: Sun, 25 Jun 2023 13:31:44 GMT
etag: W/"30542a2fd5da6ba72ba88c496aac7f5b"
expect-ct: max-age=86400, enforce
last-modified: Fri, 05 May 2023 07:27:19 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-amz-cf-id: RdxAegETY-A76uiJmjN2qId2yV1r9T2F2_kC6qlIUzHMNq966CmhWw==
x-amz-cf-pop: FRA56-P6
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private
content-length: 0
date: Mon, 26 Jun 2023 03:48:55 GMT
location: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
via: 1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-amz-cf-id: TUQ8oGUg8_t9ptgdtGI0hacu5uPR-P22P8QcIEoUfSZ9V_5RVkUi8g==
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
x-callid: 4983217d480e47a4852c1644505f1abe
x-error-code: 0
x-robots-tag: none
x-server: eu1a-nomad-t6
x-soa: true, Gator

GET
H2 200 gtm.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 431 B
2 KB 11ms
8ms Script
application/javascript 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sun, 25 Jun 2023 11:48:09 GMT
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 57647
x-cache: Hit from cloudfront
content-length: 431
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "b4ea339817ecc2c95b9870cb27dba7b4"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: BnIZWxv3m6qtWbe5K2BIpuo2CGDP9vN08hn9R3VhVB03Ss6cD26NGQ==

GET
H2 200 loader.css
proxy.qa.internal.sso.cambridge.org/css/ 387 B
2 KB 12ms
10ms Stylesheet
text/css 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/css/loader.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

37e44af3d562bab647fc40f5d6d7210a2abd24202cbd958a9e368c4d8131e61a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sun, 25 Jun 2023 11:48:09 GMT
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 57647
x-cache: Hit from cloudfront
content-length: 387
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "02ecd10b224d4b0e9b9299b18350701c"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: G8F_RmTk1f59rWQLZBTyN9XwgA2qhzvKjKWUQyhxDiX7efgnPs_g2w==

GET
H2 200 back_cache_cleanup.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 203 B
1 KB 13ms
11ms Script
application/javascript 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/back_cache_cleanup.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

cab7810f937780c44d1c93c65e0f8ddc78c912ce97b2c449de2cc8fc6ba264d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 13:31:45 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 51432
x-cache: Hit from cloudfront
content-length: 203
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "38a9d4dfd48c723df8cef5f1a03c0971"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: e6f62vzO6-BTgczakHN0xbtTtCgyrUIeD7HgTnhjBGvtvQoc9DT3Aw==

GET
H/1.1 200
OK gigya.js Show response
accounts.gigya.com/JS/ 500 KB
164 KB 719ms
462ms Script
text/javascript 107.23.218.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 107.23.218.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 52228df9957daacbb2bf2afe0b7733749dceea3f1c16a2627235269a101e0611

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:56 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t15
x-callid: f126d42dbd9a4a2eace20eec0d4fded9
x-error-code: 0
x-robots-tag: none
content-length: 167906

GET
H/1.1 200
OK gigya.oidc.js Show response
accounts.gigya.com/JS/ 20 KB
7 KB 387ms
130ms Script
text/javascript 107.23.218.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/JS/gigya.oidc.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 107.23.218.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: cc5742fc7e0babb1a77efbcb535564a3d28342887863c53b3212c752aad40f0b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:56 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t16
x-callid: 4cd41e0cc33e4fee8ad818b5c6779e81
x-error-code: 0
x-robots-tag: none
content-length: 6667

GET
H2 200 spinner.svg
proxy.qa.internal.sso.cambridge.org/assets/ 640 B
2 KB 8ms
8ms Image
image/svg+xml 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://proxy.qa.internal.sso.cambridge.org/assets/spinner.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

2e0881f709571fcfbde8a04cdda3152d0380789f0da81094473c7c0b63c51a85

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 13:31:45 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 51432
x-cache: Hit from cloudfront
content-length: 640
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:21 GMT
server: CloudFront
etag: "f143559003fc6e3c7bd0a7966a7e2491"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: ONazVKkD4pjNZePnvwxeP0LD6RVvpKl2jI8dWbwuzSGcxlyRfOh3lw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 107 KB
42 KB 130ms
47ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a896cb64d0cd29d3b8ef2616faa42d3d5c3f1540afb7d9f6f364423fea1031d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42641
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jun 2023 03:48:56 GMT

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
520 B 45ms
45ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/css/loader.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a9013a737d5a92af5fa83b598cbd897ca98275812fea86e8434bd96daa2c0eb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 26 Jun 2023 03:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 03:19:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Jun 2023 03:48:56 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 230 KB
81 KB 53ms
51ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

537e90f9ee74cb83fc78aec8db43efbb599f99af86a088e48f23443edeed349a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83285
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 26 Jun 2023 03:48:56 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
269 B 125ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36l0&_p=1097704260&cid=36020494.1687751337&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1687751336&sct=1&seg=0&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&dt=Cambridge%20Login&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 03:48:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ 6 KB
2 KB 46ms
10ms Fetch
text/javascript 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8a860216d74cc4ed9f70bf0ed8b703adc109493c8304274bb99d469a0445180f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:57 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 57ff7e999b2741a0875a4884c86cf5c5
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2165

GET
H2 200 Api.aspx Show response
cdns.eu1.gigya.com/gs/webSdk/ Frame F275 121 KB
43 KB 38ms
18ms Document
text/html 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-213-165-54.deploy.static.akamaitechnologies.com

Software

Resource Hash

58b5c24df15a4608641943188bfb61654dee116a32ccb0c03b8e703068840153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 43588
content-type: text/html; charset=utf-8
date: Mon, 26 Jun 2023 03:48:57 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 8adfc321e2d14ca191d3bdc41cac6b1e
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t4
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame F275 6 KB
2 KB 7ms
7ms Fetch
text/javascript 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8a860216d74cc4ed9f70bf0ed8b703adc109493c8304274bb99d469a0445180f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:57 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 57ff7e999b2741a0875a4884c86cf5c5
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2165

GET
H2 200 accounts.webSdkBootstrap Show response
openid.qa.internal.sso.cambridge.org/ 199 B
1 KB 182ms
121ms XHR
text/javascript 13.32.121.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.internal.sso.cambridge.org/accounts.webSdkBootstrap?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&pageURL=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&sdk=js_latest&sdkBuild=13987&format=json
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-36.fra60.r.cloudfront.net
Software: /
Resource Hash: 876a1d0ba88f19359653951e0ba7ad413f98786ce72ae02875898b444be772f0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:56 GMT
content-encoding: gzip
via: 1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 174
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
x-callid: dcd3cecce24d460abbd90a3daf2f8670
cache-control: private
access-control-allow-credentials: true
x-server: eu1b-nomad-t12
vary: Origin, Accept-Encoding
x-robots-tag: none
x-amz-cf-id: qnONGmwreO2340Gmj0KCiy7Qa-n_nz3okj9WC4yHh3TVipBL5GFQzA==

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 2188 93 KB
32 KB 44ms
44ms Document
text/html 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-213-165-54.deploy.static.akamaitechnologies.com

Software

Resource Hash

14978ffff3f8fff27c544307f220e671b831c2557b607935f06fc77eed90e364

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32873
content-type: text/html; charset=utf-8
date: Mon, 26 Jun 2023 03:48:57 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 99e5dd0e4288492ba5df42e6f7ae5ac9
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t7
x-soa: true, Gator

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 4745 93 KB
32 KB 59ms
59ms Document
text/html 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-213-165-54.deploy.static.akamaitechnologies.com

Software

Resource Hash

14978ffff3f8fff27c544307f220e671b831c2557b607935f06fc77eed90e364

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32873
content-type: text/html; charset=utf-8
date: Mon, 26 Jun 2023 03:48:57 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 99e5dd0e4288492ba5df42e6f7ae5ac9
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t7
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 2188 6 KB
2 KB 10ms
10ms Fetch
text/javascript 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d9b5a9e3595fea45525e0d4006a47fa08e3d6e8587645b340cc40b9977a3b66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:57 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: aacc971ca28a4491846632f3ad9f9ea3
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t16
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2145

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 4745 6 KB
2 KB 7ms
7ms Fetch
text/javascript 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d9b5a9e3595fea45525e0d4006a47fa08e3d6e8587645b340cc40b9977a3b66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:57 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: aacc971ca28a4491846632f3ad9f9ea3
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t16
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2145

GET
H2 200 Primary Request login Show response
proxy.qa.internal.sso.cambridge.org/ 866 B
2 KB 9ms
8ms Document
text/html 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/login

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/JS/gigya.oidc.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

b3cb958c763e40d68d9ac3c63b676de4ad1b32d0e642a205fecaadf200a9abe3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 61292
content-length: 866
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-type: text/html
date: Sun, 25 Jun 2023 10:47:25 GMT
etag: "8ce8b59496aee2ded64d5660a9bf3e70"
expect-ct: max-age=86400, enforce
last-modified: Fri, 05 May 2023 07:27:19 GMT
referrer-policy: no-referrer
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-amz-cf-id: tBmOSU0RhizlnZp6Ej_X5op3OSCmWy5jLber_gY_LwLjSiD-9y2ZHQ==
x-amz-cf-pop: FRA56-P6
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET sso.htm
cdns.eu1.gigya.com/gs/ Frame 3097 0
0

POST collect
region1.google-analytics.com/g/ 0
0

GET
H/1.1 200
OK gigya.js Show response
accounts.gigya.com/js/ 500 KB
164 KB 134ms
134ms Script
text/javascript 107.23.218.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 107.23.218.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 52228df9957daacbb2bf2afe0b7733749dceea3f1c16a2627235269a101e0611

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:56 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_601578156413,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t14
x-callid: 5ba7a6803f344988bda6224446ce87a0
x-error-code: 0
x-robots-tag: none
content-length: 167906

GET
H2 200 gtm.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 431 B
2 KB 12ms
10ms Script
application/javascript 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sun, 25 Jun 2023 11:48:09 GMT
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 57648
x-cache: Hit from cloudfront
content-length: 431
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "b4ea339817ecc2c95b9870cb27dba7b4"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: fQZoqfmTBtkkmZYp2sa6ZCFd0ZbseLDIpeDzZ0oKrQJH9ze0zrwiKQ==

GET
H2 200 constants.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 666 B
2 KB 10ms
9ms Script
application/javascript 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/constants.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

31ce1a469a82b6529e12267ea27792addd9284a3b769eb8789551516f52b0448

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 10:47:26 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 61292
x-cache: Hit from cloudfront
content-length: 666
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "bef83bc451aa5912bda92b7264049966"
expect-ct: max-age=86400, enforce
x-frame-options: deny
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: lZt9V-6gdAsDm8vCuktybm3tZMLlcy27-RSmbV3jrUrsx0bHZbFLDw==

GET
H2 200 loginUtils.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 3 KB
2 KB 12ms
11ms Script
application/javascript 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/loginUtils.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

59d3a762b8633b4cc9aa5b9d68fc4810aa63ae31723615e21408303adfd2f057

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 13:31:49 GMT
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
x-content-type-options: nosniff
age: 51429
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: W/"635ff0cc57a85419561b55894c66bf46"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
x-amz-cf-id: 13it_PSQI8jXttI7r86e3qfEymiBXtGOILxa7cAybWnyktjpSjrT4g==

GET
H2 200 login.js Show response
proxy.qa.internal.sso.cambridge.org/js/ 341 B
1 KB 10ms
10ms Script
application/javascript 108.138.7.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://proxy.qa.internal.sso.cambridge.org/js/login.js

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-17.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

3a213b9803edeb8427b9361ac14abbba4dce40daf744f057158190e3bae93233

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' .cambridgeassessment.org.uk .gigya.com fonts.googleapis.com fonts.gstatic.com .cambridge.org; child-src .gigya.com; connect-src 'self' .gigya.com .cambridgeassessment.org.uk .cambridge.org .google-analytics.com; font-src fonts.gstatic.com; frame-src .gigya.com .cambridgeassessment.org.uk .cambridge.org; img-src .gigya.com data: .cambridge.org .cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' .gigya.com .cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cambridgeassessment.org.uk *.gigya.com fonts.googleapis.com fonts.gstatic.com *.cambridge.org; child-src *.gigya.com; connect-src 'self' *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org *.google-analytics.com; font-src fonts.gstatic.com; frame-src *.gigya.com *.cambridgeassessment.org.uk *.cambridge.org; img-src *.gigya.com data: *.cambridge.org *.cambridgeassessment.org.uk www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gigya.com *.cambridge.org https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.cambridge.org https://tagmanager.google.com https://www.googletagmanager.com; sandbox allow-popups allow-forms allow-modals allow-scripts allow-same-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Sun, 25 Jun 2023 11:48:13 GMT
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P6
age: 57645
x-cache: Hit from cloudfront
content-length: 341
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Fri, 05 May 2023 07:27:20 GMT
server: CloudFront
etag: "986f27a6adcc3062fb06b57457fa31dd"
expect-ct: max-age=86400, enforce
x-frame-options: deny
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: UTMVq81dmb_kKFaroPIcYW0x3pkv7pHFWqaaYhvui0Om821eLGvLvQ==

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ 6 KB
2 KB 7ms
7ms Fetch
text/javascript 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8a860216d74cc4ed9f70bf0ed8b703adc109493c8304274bb99d469a0445180f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:58 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 57ff7e999b2741a0875a4884c86cf5c5
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2165

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 107 KB
42 KB 49ms
49ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Requested by

Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/gtm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

44f21ce96151a896d098a8694b7862778bf9776586aaa67b8c6a9511117d8dae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42641
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jun 2023 03:48:58 GMT

GET
H2 200 _a_gooYPMTmWpZ_BXOn9qqpc Show response
orgs.qa.internal.sso.cambridge.org/client/ 45 B
166 B 762ms
670ms Fetch
application/json 18.169.210.15

General

Check archive.org

Show headers Download Go to

Full URL: https://orgs.qa.internal.sso.cambridge.org/client/_a_gooYPMTmWpZ_BXOn9qqpc
Requested by: Host: proxy.qa.internal.sso.cambridge.org
URL: https://proxy.qa.internal.sso.cambridge.org/js/loginUtils.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.210.15 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 938bbc57164ca1406278f7dd6873bf9613774436c49c4477afeab46de72c1e35

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 26 Jun 2023 03:48:58 GMT
content-length: 45
apigw-requestid: HG6apiP2rPEEPpQ=
content-type: application/json

GET
H2 200 Api.aspx Show response
cdns.eu1.gigya.com/gs/webSdk/ Frame 8AD6 121 KB
43 KB 7ms
7ms Document
text/html 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-213-165-54.deploy.static.akamaitechnologies.com

Software

Resource Hash

58b5c24df15a4608641943188bfb61654dee116a32ccb0c03b8e703068840153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 43588
content-type: text/html; charset=utf-8
date: Mon, 26 Jun 2023 03:48:58 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 8adfc321e2d14ca191d3bdc41cac6b1e
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t4
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 8AD6 6 KB
2 KB 7ms
7ms Fetch
text/javascript 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8a860216d74cc4ed9f70bf0ed8b703adc109493c8304274bb99d469a0445180f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:58 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: 57ff7e999b2741a0875a4884c86cf5c5
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t3
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2165

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 0A2D 93 KB
32 KB 8ms
7ms Document
text/html 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-213-165-54.deploy.static.akamaitechnologies.com

Software

Resource Hash

14978ffff3f8fff27c544307f220e671b831c2557b607935f06fc77eed90e364

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32873
content-type: text/html; charset=utf-8
date: Mon, 26 Jun 2023 03:48:58 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 99e5dd0e4288492ba5df42e6f7ae5ac9
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t7
x-soa: true, Gator

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 3A37 93 KB
32 KB 7ms
7ms Document
text/html 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-213-165-54.deploy.static.akamaitechnologies.com

Software

Resource Hash

14978ffff3f8fff27c544307f220e671b831c2557b607935f06fc77eed90e364

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32873
content-type: text/html; charset=utf-8
date: Mon, 26 Jun 2023 03:48:58 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 99e5dd0e4288492ba5df42e6f7ae5ac9
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t7
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 0A2D 6 KB
2 KB 7ms
7ms Fetch
text/javascript 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d9b5a9e3595fea45525e0d4006a47fa08e3d6e8587645b340cc40b9977a3b66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:58 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: aacc971ca28a4491846632f3ad9f9ea3
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t16
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2145

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 3A37 6 KB
2 KB 14ms
13ms Fetch
text/javascript 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d9b5a9e3595fea45525e0d4006a47fa08e3d6e8587645b340cc40b9977a3b66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:58 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: aacc971ca28a4491846632f3ad9f9ea3
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t16
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2145

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 230 KB
81 KB 53ms
53ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NNRLQWF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b8067ad3959ea384ca191e4195ffae46094eed758ba931501367c394a62b7ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83210
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 26 Jun 2023 03:48:58 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 17ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36l0&_p=1726253321&cid=36020494.1687751337&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1687751336&sct=1&seg=1&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Flogin&dt=Cambridge%20Login&en=page_view
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QBZ91CH3NC&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jun 2023 03:48:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 3DDB 93 KB
32 KB 7ms
7ms Document
text/html 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Requested by

Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-213-165-54.deploy.static.akamaitechnologies.com

Software

Resource Hash

14978ffff3f8fff27c544307f220e671b831c2557b607935f06fc77eed90e364

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400, s-maxage=3600
content-encoding: gzip
content-length: 32873
content-type: text/html; charset=utf-8
date: Mon, 26 Jun 2023 03:48:58 GMT
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-callid: 99e5dd0e4288492ba5df42e6f7ae5ac9
x-error-code: 0
x-robots-tag: none
x-server: us1d-nomad-t7
x-soa: true, Gator

GET
H2 200 sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 3DDB 6 KB
2 KB 7ms
7ms Fetch
text/javascript 23.213.165.54
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.213.165.54 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-213-165-54.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d9b5a9e3595fea45525e0d4006a47fa08e3d6e8587645b340cc40b9977a3b66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:58 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: *
x-callid: aacc971ca28a4491846632f3ad9f9ea3
content-type: text/javascript; charset=utf-8
cache-control: public, s-maxage=120, max-age=60
x-server: us1d-nomad-t16
accept-ranges: bytes
x-error-code: 0
x-robots-tag: none
content-length: 2145

GET
H/1.1 200
OK gigya.services.plugins.base.min.js Show response
accounts.gigya.com/js/ 577 KB
174 KB 133ms
133ms Script
text/javascript 107.23.218.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gigya.com/js/gigya.services.plugins.base.min.js?services=gigya.services.accounts.plugins.screenSet&lang=en&version=latest
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 107.23.218.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: lb-d.us1.gigya.com
Software: /
Resource Hash: 6255d3928bafd4525699c8ad2b13f6c57ddf7395ceeb0f6c225a09c10620ff49

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:58 GMT
content-encoding: gzip
x-soa: true, Gator
vary: Accept-Encoding
edge-cache-tag: siteid_,ver_latest
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
edge-control: !no-store,max-age=1h
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
cache-control: public, s-maxage=3600, max-age=900
x-server: us1d-nomad-t16
x-callid: 9baf82e234794537b7580ceb1ef4ed7a
x-error-code: 0
x-robots-tag: none
content-length: 178061

GET
H2 200 accounts.getScreenSets
openid.qa.internal.sso.cambridge.org/ 305 KB
0 172ms
172ms XHR
text/javascript 13.32.121.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://openid.qa.internal.sso.cambridge.org/accounts.getScreenSets?screenSetIDs=CambridgeLogin-RegistrationLogin&include=html%2Ccss%2Cjavascript%2Ctranslations%2C&lang=en&APIKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit&source=showScreenSet&sdk=js_latest&pageURL=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Flogin&sdkBuild=13987&format=json&httpStatusCodes=true
Requested by: Host: accounts.gigya.com
URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-36.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 03:48:59 GMT
content-encoding: gzip
via: 1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront)
x-soa: true, Gator
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code: 0
content-length: 56484
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://proxy.qa.internal.sso.cambridge.org
x-callid: 04ba21331f5c45e2a79bd2818bcec203
cache-control: private
access-control-allow-credentials: true
x-server: eu1a-nomad-t10
vary: Origin,Accept-Encoding
x-robots-tag: none
x-amz-cf-id: 2b5B1GyJZExglqJbTBobyZoLhPpORJFz3gpIrZ6KM14HH3l5Nz4rwg==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN&ssoSegment=&version=latest&build=13987

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QBZ91CH3NC&gtm=45je36l0&_p=1097704260&cid=36020494.1687751337&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1687751336&sct=1&seg=0&dl=https%3A%2F%2Fproxy.qa.internal.sso.cambridge.org%2Fproxy%3Fcontext%3Deu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936%26client_id%3D_a_gooYPMTmWpZ_BXOn9qqpc%26mode%3Dlogin%26scope%3Dopenid%2Bprofile%2Bemail%2Broles%2Borgs%2BsystemIDs%2BbusinessStream&dt=Cambridge%20Login&en=scroll&epn.percent_scrolled=90&_et=5

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cambridge.org/	1970-01-20 22:25:11	Name: _ga Value: GA1.1.36020494.1687751337
.proxy.qa.internal.sso.cambridge.org/	1969-12-31 23:59:59	Name: gig_canary Value: false
.proxy.qa.internal.sso.cambridge.org/	1969-12-31 23:59:59	Name: gig_canary_ver Value: 13987-3-28129185
.openid.qa.internal.sso.cambridge.org/	1970-01-20 21:36:13	Name: gmid Value: gmid.ver4.AcbHSsQiTQ.NY1-hkk3i5Zxrr6wEgHFbX74bXlNk1wogYpjylxJmDQlX6Sb66x1oL29vYb9c-tc.9CyMUhMDiZwBBIUXPBkQZZnROmHqnGFe9g21_NPh4ooMCaQyLszmBCEu3DoLNXeH509UIALp0nTlNEB6fg7EWw.sc3
.openid.qa.internal.sso.cambridge.org/	1970-01-20 21:36:13	Name: ucid Value: 33DSz1Cmpu38aIUx-N_Ttw
.openid.qa.internal.sso.cambridge.org/	1970-01-20 17:12:46	Name: hasGmid Value: ver4
.qa.internal.sso.cambridge.org/	1970-01-20 21:34:47	Name: gig_bootstrap_3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit Value: openid_ver4
.cdns.eu1.gigya.com/	1970-01-20 21:34:47	Name: gig_canary_3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN Value: false
.cdns.eu1.gigya.com/	1970-01-20 21:34:47	Name: gig_canary_ver_3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN Value: 13987-3-28129185
.cdns.eu1.gigya.com/	1970-01-20 21:34:47	Name: apiDomain_3_qUaoItpI0B8kD_Ob9s-TNS7m34ZPiaKtELECghHejEie3LpelQSx5GthHQH0jTNN Value: openid.qa.internal.sso.cambridge.org
.gigya.com/	1970-01-20 12:49:11	Name: gig3pctest Value: true
.cambridge.org/	1970-01-20 22:25:11	Name: _ga_QBZ91CH3NC Value: GS1.1.1687751336.1.1.1687751338.0.0.0

233 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://dev.internal.submitforassessment.cambridgeassessment.org.uk/ Message: The Content Security Policy directive 'sandbox' is ignored when delivered in a report-only policy.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google-analytics.com".
security	warning	URL: https://proxy.qa.internal.sso.cambridge.org/proxy?context=eu1_tk1.l-d8Cjzq2BoZ3UQiY4noUaxNSeQhJqlgd3lB4AlDiQE.1687751936&client_id=_a_gooYPMTmWpZ_BXOn9qqpc&mode=login&scope=openid+profile+email+roles+orgs+systemIDs+businessStream Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/JS/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://proxy.qa.internal.sso.cambridge.org/login Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://accounts.gigya.com/js/gigya.js?apiKey=3_H1l5oAZovYR72SpJuqq3US0WyzJyWBKEB8PasZUEBN1t7ESpbdM6pFND3Y8BRmit(Line 69) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.gigya.com
cdns.eu1.gigya.com
dev.internal.submitforassessment.cambridgeassessment.org.uk
fonts.googleapis.com
openid.qa.internal.sso.cambridge.org
openid.qa.sso.cambridge.org
orgs.qa.internal.sso.cambridge.org
proxy.qa.internal.sso.cambridge.org
region1.google-analytics.com
unleash-proxy.dev.internal.submitforassessment.cambridgeassessment.org.uk
www.googletagmanager.com
cdns.eu1.gigya.com
region1.google-analytics.com
107.23.218.60
108.138.7.17
13.32.121.36
13.32.99.85
18.169.210.15
2001:4860:4802:34::36
23.213.165.54
2a00:1450:4001:80b::2008
2a00:1450:4001:827::200a
35.178.99.190
0c1ef5a32b2dcf474faedb663871b53998c022d78d069256e6a8fcae1e882c14
14978ffff3f8fff27c544307f220e671b831c2557b607935f06fc77eed90e364
1d1bcf52e5764e7beabdd774eed4fa0214834890f09272af2ef9e6e40263d633
25277bed5999a04697d2b7f3a8b28aa3b31dda9d71dd87a103a48b28b171458d
2a59fe4db83d881fc7ac349a0a42b3a651079eff50b563a1b04cf5d81afce41c
2e0881f709571fcfbde8a04cdda3152d0380789f0da81094473c7c0b63c51a85
31ce1a469a82b6529e12267ea27792addd9284a3b769eb8789551516f52b0448
348867415261fa24e6f6a3d2aecf01cf24384ad6a1432501dac0b6981d25c52d
37e44af3d562bab647fc40f5d6d7210a2abd24202cbd958a9e368c4d8131e61a
3a213b9803edeb8427b9361ac14abbba4dce40daf744f057158190e3bae93233
44f21ce96151a896d098a8694b7862778bf9776586aaa67b8c6a9511117d8dae
52228df9957daacbb2bf2afe0b7733749dceea3f1c16a2627235269a101e0611
537e90f9ee74cb83fc78aec8db43efbb599f99af86a088e48f23443edeed349a
58b5c24df15a4608641943188bfb61654dee116a32ccb0c03b8e703068840153
59d3a762b8633b4cc9aa5b9d68fc4810aa63ae31723615e21408303adfd2f057
6255d3928bafd4525699c8ad2b13f6c57ddf7395ceeb0f6c225a09c10620ff49
6d9b5a9e3595fea45525e0d4006a47fa08e3d6e8587645b340cc40b9977a3b66
876a1d0ba88f19359653951e0ba7ad413f98786ce72ae02875898b444be772f0
886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd
8a860216d74cc4ed9f70bf0ed8b703adc109493c8304274bb99d469a0445180f
8be99f889daaf99df0ce16ced09e770cc065ab4afc4e01ba3368899526aa1504
8d7a9fe0964b6bbb2ec8b51f7ade0df672f610336a11faf147cc5cc2d5f819d7
8f10837656b0a00f780ec775ad8dd91ec11ee8a30f15a302cf44032f097036a9
938bbc57164ca1406278f7dd6873bf9613774436c49c4477afeab46de72c1e35
a896cb64d0cd29d3b8ef2616faa42d3d5c3f1540afb7d9f6f364423fea1031d2
a9013a737d5a92af5fa83b598cbd897ca98275812fea86e8434bd96daa2c0eb3
b3cb958c763e40d68d9ac3c63b676de4ad1b32d0e642a205fecaadf200a9abe3
b3e48be6c2d89a6685774e3b2a45da8263044ed643ab974ff6974475e832ef71
b8067ad3959ea384ca191e4195ffae46094eed758ba931501367c394a62b7ca3
c86462796803501129c23a36fda51d6e2798350cfcdd86ca73f6138a1c17fe88
cab7810f937780c44d1c93c65e0f8ddc78c912ce97b2c449de2cc8fc6ba264d6
cc5742fc7e0babb1a77efbcb535564a3d28342887863c53b3212c752aad40f0b
d4fee6ceac0b6ecf77c5b5b2686f4894806e7802784c268177ad672970d5b274
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea8ec5abb5ead566d0a812dce194d9c33eb98adae50188bbb9583bce079a6b27

proxy.qa.internal.sso.cambridge.org Open in urlscan Pro 108.138.7.17 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

55 Requests

96 %HTTPS

30 %IPv6

6 Domains

11 Subdomains

11 IPs

3 Countries

2060 kBTransfer

8055 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

55 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

proxy.qa.internal.sso.cambridge.org Open in urlscan Pro
108.138.7.17 Public Scan

Screenshot
Live screenshot

Full Image

55
Requests

96 %
HTTPS

30 %
IPv6

6
Domains

11
Subdomains

11
IPs

3
Countries

2060 kB
Transfer

8055 kB
Size

12
Cookies

55 HTTP transactions
0 data transactions