urlscan.io logo urlscan.io
SecurityTrails logo

well.burnalong.com Open in urlscan Pro
2600:9000:21dd:b200:13:9a9c:60c0:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://well.burnalong.com/login
Submission: On September 05 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 1 countries across 11 domains to perform 38 HTTP transactions. The main IP is 2600:9000:21dd:b200:13:9a9c:60c0:93a1, located in United States and belongs to AMAZON-02, US. The main domain is well.burnalong.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on August 7th 2024. Valid for: a year.
This is the only time well.burnalong.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

10    2600:9000:21dd:b200:13:9a9c:60c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
well.burnalong.com
1    2607:f8b0:4006:80f::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
8    18.238.49.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-47.jfk52.r.cloudfront.net
consent.trustarc.com
1    2607:f8b0:4006:80e::200e (United States)

ASN15169 (GOOGLE, US)
translate.google.com
3    2607:f8b0:4006:823::2003 (United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    2607:f8b0:4006:822::200a (United States)

ASN15169 (GOOGLE, US)
translate.googleapis.com
2    2606:4700:3037::ac43:8ef5 (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
2    2606:4700:4400::ac40:9a8e (United States)

ASN13335 (CLOUDFLARENET, US)
sdk.iad-02.braze.com
2    2607:f8b0:4006:81e::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2607:f8b0:4006:80a::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    3.30.62.21 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-30-62-21.us-gov-west-1.compute.amazonaws.com
browser-intake-ddog-gov.com
2    2607:f8b0:4006:81d::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2001:4860:4802:36::181 (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
1    2607:f8b0:4004:c06::9a (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    142.250.81.238 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f14.1e100.net
www.google-analytics.com
Apex Domain
Subdomains		 Transfer
10 burnalong.com
well.burnalong.com
814 KB
8 trustarc.com
consent.trustarc.com — Cisco Umbrella Rank: 4912
131 KB
4 gstatic.com
www.gstatic.com
fonts.gstatic.com
11 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
21 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
192 KB
2 browser-intake-ddog-gov.com
browser-intake-ddog-gov.com — Cisco Umbrella Rank: 236030
976 B
2 braze.com
sdk.iad-02.braze.com — Cisco Umbrella Rank: 41568
741 B
2 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1950
8 KB
2 google.com
translate.google.com — Cisco Umbrella Rank: 2103
analytics.google.com — Cisco Umbrella Rank: 238
32 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
translate.googleapis.com — Cisco Umbrella Rank: 1452
73 KB
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
256 B
38 11
Domain Requested by
10 well.burnalong.com well.burnalong.com
8 consent.trustarc.com well.burnalong.com
consent.trustarc.com
3 www.google-analytics.com well.burnalong.com
3 www.gstatic.com well.burnalong.com
www.gstatic.com
2 www.googletagmanager.com well.burnalong.com
2 browser-intake-ddog-gov.com well.burnalong.com
2 sdk.iad-02.braze.com well.burnalong.com
2 use.fontawesome.com well.burnalong.com
use.fontawesome.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com well.burnalong.com
1 fonts.gstatic.com well.burnalong.com
1 translate.googleapis.com
1 translate.google.com well.burnalong.com
1 fonts.googleapis.com well.burnalong.com
38 14

This site contains links to these domains. Also see Links.

Domain
translate.google.com
www.burnalong.com
submit-irm.trustarc.com
Subject Issuer Validity Valid
*.burnalong.com
Amazon RSA 2048 M03		 2024-08-07 -
2025-09-05		 a year crt.sh
upload.video.google.com
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh
*.trustarc.com
Amazon RSA 2048 M02		 2024-03-16 -
2025-04-14		 a year crt.sh
*.google.com
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh
*.gstatic.com
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh
use.fontawesome.com
Cloudflare Inc ECC CA-3		 2023-10-12 -
2024-10-10		 a year crt.sh
*.iad-02.braze.com
E5		 2024-08-11 -
2024-11-09		 3 months crt.sh
*.google-analytics.com
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh
*.browser-intake-ddog-gov.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-03 -
2024-11-04		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-08-05 -
2024-10-28		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://well.burnalong.com/login
Frame ID: 76A4B1B438CFEFD10C5B1F257443A766
Requests: 37 HTTP requests in this frame

Frame: data://truncated
Frame ID: C8D6EB52EDABB396CCFB4BC1684B271C
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 0B5000C97D2994D88F7DA1A417D3020B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Burnalong | Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • consent\.trustarc\.com

Page Statistics

38
Requests

100 %
HTTPS

80 %
IPv6

11
Domains

14
Subdomains

16
IPs

1
Countries

1284 kB
Transfer

4693 kB
Size

10
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

38 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
well.burnalong.com/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8802a626799348acdbd39184157d98bf6d59db06331f978bbd6fa21d9c749266
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

age
3
content-encoding
br
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
content-type
text/html
date
Thu, 05 Sep 2024 12:45:37 GMT
etag
W/"b3b2d0af2a51b28f04822613db73dc8c"
last-modified
Tue, 20 Aug 2024 16:54:05 GMT
server
AmazonS3
strict-transport-security
max-age=15768000; includeSubDomains
vary
Accept-Encoding
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
x-amz-cf-id
wsIgVGiBLNUHmCHwXbN8wV9sJFL1Ikhtv3Ci9EQiAUJAUtdP9tBByA==
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-permitted-cross-domain-policies
master-only
css2
fonts.googleapis.com/ 		2 KB
849 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=DM+Sans:wght@400;500;700&display=swap
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
492d00e4a4110b712efd91a46f205045b2f207df8bc960be6f46b0964107f7cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 05 Sep 2024 12:45:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 05 Sep 2024 11:43:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 05 Sep 2024 12:45:40 GMT
notice
consent.trustarc.com/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/notice?domain=tivityhealth.com&c=teconsent&js=nj&noticeType=bb&gtm=1
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-47.jfk52.r.cloudfront.net
Software
/
Resource Hash
312efb79dd9fffa8f78639f091bfd74a14d993586c39a5446a4872603fea939f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:40 GMT
content-encoding
gzip
via
1.1 83f903d51f378add519d351aa3b07052.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
JFK52-P3
vary
Accept-Encoding, Origin
x-cache
Miss from cloudfront
content-type
text/javascript; charset=UTF-8
cache-control
max-age=3600
x-amz-cf-id
PMIak1pajTTopq7oAxqSrD_1VTtoJ01NyQ-dcwZ59cv54knK5QnM-w==
element.js
translate.google.com/translate_a/ 		90 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1776325e8aa4b22574c2933a9882c499113c2e921813ff131e1ca36a43df3ced
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Sep 2024 12:45:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
index-1aX48tdS.js
well.burnalong.com/assets/ 		3 MB
710 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://well.burnalong.com/assets/index-1aX48tdS.js
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1467b87ba1e5c5dff51a60f09dcd9641a57121ec91884efedb7502afcf4c552b
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://well.burnalong.com/login
Origin
https://well.burnalong.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:40 GMT
content-encoding
br
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains
x-amz-cf-pop
EWR53-C2
x-permitted-cross-domain-policies
master-only
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
last-modified
Tue, 20 Aug 2024 16:54:04 GMT
server
AmazonS3
etag
W/"392dfe6c8c49d7eec37ce7f23a5b98a1"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
ly5yAY88GBaSNVzWlqGsBGJg38fJg-qYINONxVsR9TArT6qbnMJ2sg==
index-DUKNvsQW.css
well.burnalong.com/assets/ 		179 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://well.burnalong.com/assets/index-DUKNvsQW.css
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4e31b8bff9945af718f6b89560a342444dfe3ff955d25d9983d3562cd2fe0f64
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://well.burnalong.com/login
Origin
https://well.burnalong.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:40 GMT
content-encoding
br
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains
x-amz-cf-pop
EWR53-C2
x-permitted-cross-domain-policies
master-only
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
last-modified
Tue, 20 Aug 2024 16:54:05 GMT
server
AmazonS3
etag
W/"c1ef45305a72c32e97f898178b44007e"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
x-amz-cf-id
sUvdZjII_caI3RMNozEQwkwHqnVLbgwSG-rj6TKZPsx1gJ2Bvtaslg==
v1.7-230
consent.trustarc.com/asset/notice.js/v/ 		93 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/asset/notice.js/v/v1.7-230
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=tivityhealth.com&c=teconsent&js=nj&noticeType=bb&gtm=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-47.jfk52.r.cloudfront.net
Software
/
Resource Hash
f2769341fbf31a14e512d5b4138e93597e2eaf57dc58a09748a0515f4d4fd267
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://well.burnalong.com/
Origin
https://well.burnalong.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
public
date
Thu, 05 Sep 2024 12:34:16 GMT
content-encoding
gzip
via
1.1 1f85764c0bc1f70d16858df07753dfa8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 5 Aug 2024 02:19:53 GMT
x-amz-cf-pop
JFK52-P3
age
684
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=2592000
x-amz-cf-id
8O_ApueDPJ_XW3wcM7gvhb38qu4-bACHn8euy88Rj91pe_hEKhtoIQ==
log
consent.trustarc.com/ 		43 B
429 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/log?domain=tivityhealth.com&country=us&state=&behavior=implied&session=40f5c207-4a20-49b7-b711-f0b955e34b89&userType=NEW&c=23d1&referer=https://well.burnalong.com&language=en
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-47.jfk52.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Sep 2024 12:45:40 GMT
via
1.1 83f903d51f378add519d351aa3b07052.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
JFK52-P3
vary
Origin
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
x-amz-cf-id
v608MsUMOunt9xiZAClQ9oG4jVjqGf8lV3xRzUOaoReO1dFeaY3ZQw==
expires
Mon, 26 Jul 1997 05:00:00 GMT
m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.26tY-h6gH9w.L.W.O/am=QDA/d=0/rs=AN8SPfrycRFEIstD_ODMax_0dvnH_HM3_Q/ 		22 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.26tY-h6gH9w.L.W.O/am=QDA/d=0/rs=AN8SPfrycRFEIstD_ODMax_0dvnH_HM3_Q/m=el_main_css
Requested by
Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US.IRRrBjGBnqY.O/am=QDA/d=1/rs=AN8SPfqtFr6g66vd59ULsZJVL3i_-rVRtA/m=el_conf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 09:57:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
528493
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4144
x-xss-protection
0
last-modified
Thu, 04 Apr 2024 07:26:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Aug 2025 09:57:27 GMT
m=el_main
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.IRRrBjGBnqY.O/am=AAAB/d=1/exm=el_conf/ed=1/rs=AN8SPfqy4G6IrGaaTPk0EREdoxeJ03UmSg/ 		208 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.IRRrBjGBnqY.O/am=AAAB/d=1/exm=el_conf/ed=1/rs=AN8SPfqy4G6IrGaaTPk0EREdoxeJ03UmSg/m=el_main
Requested by
Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US.IRRrBjGBnqY.O/am=QDA/d=1/rs=AN8SPfqtFr6g66vd59ULsZJVL3i_-rVRtA/m=el_conf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
22dd566a4011a1f0da1b0d70ed6bf4624166435b6ed096b1c04ad89dfb8ec690
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 17:11:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
70464
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73336
x-xss-protection
0
last-modified
Tue, 03 Sep 2024 21:12:04 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 04 Sep 2025 17:11:16 GMT
7f85a56ba4.css
use.fontawesome.com/ 		1 KB
867 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/7f85a56ba4.css
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92913c2b11fc1e9e7c4f84628362d1c9660e7f7e88904d124c9ebbbef9d4e48

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 22 Sep 2023 00:57:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5419
etag
W/"8360eb270b919a1fb4776bc448d9ed14"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HJ6l6EH3z9Csq3upcmF%2F2NnQOkLrrqhmJubuNK0zCyBr4nikkWCUO5NZ6I9BkD1tRiDINqcOsgZc7jdcCoSOmm1Y7meWKNF8vOvkfXyjhDemSluEqUOSvu6ZqJioPlaODLytq3rqlemxT3qgJPUJXruN"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=1800
cf-ray
8be6515bcd0878e5-LAX
alt-svc
h3=":443"; ma=86400
Login-BdYSQF7W.js
well.burnalong.com/assets/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://well.burnalong.com/assets/Login-BdYSQF7W.js
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d9202d8f90acdf87f19a9bac5df95d2134332e082c68419213e02431f7feb63
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://well.burnalong.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:42 GMT
content-encoding
br
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains
x-amz-cf-pop
EWR53-C2
x-permitted-cross-domain-policies
master-only
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
last-modified
Tue, 20 Aug 2024 16:54:02 GMT
server
AmazonS3
etag
W/"0856fd6f6421b08a29345bde8bcaf809"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
V6yUnTAKpnDNcydsyq8iHiHM0zqMNZakPNO-9NADAKYq-0PE30s0dw==
TimePicker-_4tslJqP.js
well.burnalong.com/assets/ 		236 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://well.burnalong.com/assets/TimePicker-_4tslJqP.js
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c1aea5c1ef58db536bdd65b4318ee31f55049068869b7cc4ce7a14389a0b5d02
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://well.burnalong.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:42 GMT
content-encoding
br
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains
x-amz-cf-pop
EWR53-C2
x-permitted-cross-domain-policies
master-only
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
last-modified
Tue, 20 Aug 2024 16:54:04 GMT
server
AmazonS3
etag
W/"4d01f4cbd0e22e92dfce5b1d79e83d28"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
MPkJOwgHxLsqK66uh6cefszsF9radAI5Fpy5qfLcfNMBGOflrBzCJg==
TimePicker-BdzRG8m6.css
well.burnalong.com/assets/ 		22 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://well.burnalong.com/assets/TimePicker-BdzRG8m6.css
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7ac0d1eb80fe86438a18685913235202728debbb7b36ed35abb073985af9eda8
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://well.burnalong.com/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:42 GMT
content-encoding
br
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains
x-amz-cf-pop
EWR53-C2
x-permitted-cross-domain-policies
master-only
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
last-modified
Tue, 20 Aug 2024 16:54:04 GMT
server
AmazonS3
etag
W/"47a532bd07b484a52add6b853478fe91"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
x-amz-cf-id
_o9E-NPjVVx0Ba4D3Pwzgd54z6OD66lM9Y1Z4cMlyz2l9y4Zo5ilDQ==
RatingStars-CZTD7_H0.js
well.burnalong.com/assets/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://well.burnalong.com/assets/RatingStars-CZTD7_H0.js
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e91388b5fe2f2dee605a44cc45666474e27b8954be369e600a6db90b34efc658
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://well.burnalong.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:42 GMT
content-encoding
br
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains
x-amz-cf-pop
EWR53-C2
x-permitted-cross-domain-policies
master-only
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
last-modified
Tue, 20 Aug 2024 16:54:03 GMT
server
AmazonS3
etag
W/"ced685251e76ef16e4000e38eb38cd5a"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
80fdAaaZMi26ygnR5IyLx_QNOjm5d1du1RLpoMN_Asj-q3njcy1elg==
doLoginAsync-cX8ZweFb.js
well.burnalong.com/assets/ 		687 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://well.burnalong.com/assets/doLoginAsync-cX8ZweFb.js
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b3b8b4ad8da342350ec94f51fd56716f118343dcc6731c9b00e613aae801dfae
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://well.burnalong.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:42 GMT
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
x-permitted-cross-domain-policies
master-only
strict-transport-security
max-age=15768000; includeSubDomains
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
687
last-modified
Tue, 20 Aug 2024 16:54:04 GMT
server
AmazonS3
etag
"636703c232520f2463cc3a65847e3d5b"
x-frame-options
DENY
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
eAEzTws98HUrSx0c09T1GWzO4fQNb_PL3nD4svJadp-3a2Jpt30YHw==
font-awesome-css.min.css
use.fontawesome.com/releases/v4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/7f85a56ba4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

Request headers

Referer
https://use.fontawesome.com/7f85a56ba4.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 22 Sep 2023 01:44:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
636699
etag
W/"36082410df2ef7f83932219089dc1443"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oUmpd%2BLiqRJdtw9AuL%2BKzEVpRSg5ayUwG1aNgIBA7Oj7oIesC9FZKPBcWbHHPcbCE9sJFZmVdg5e10ctRkq6PrrSl4FDl%2BVeTtNEmmaZ6xgTzYFyGHM0kGsBwF%2FGcIYM95TJhWGyMnyWEAxuBGtvBuEw"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
8be6515c8d8978e5-LAX
alt-svc
h3=":443"; ma=86400
/
sdk.iad-02.braze.com/api/v3/data/ 		784 B
741 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-02.braze.com/api/v3/data/
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a8e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdd2202f98c6e2e4d5f01b464028e30339afde58e8ec24d24cfed471adc31685
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
cdccf353-aad2-4961-b64b-8941fdd16f93
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Last-Req-Ms-Ago
7200000
Referer
https://well.burnalong.com/
X-Requested-With
XMLHttpRequest
X-Braze-Req-Attempt
1

Response headers

date
Thu, 05 Sep 2024 12:45:41 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
9d068df9-4f93-4519-91b4-288455b68070
x-runtime
0.108363
server
cloudflare
etag
W/"bdd2202f98c6e2e4d5f01b464028e303"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1725540342
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
8be6515f59110d3c-LAX
x-ratelimit-remaining
499.0
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 12:06:04 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
2377
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 05 Sep 2024 14:06:04 GMT
cookiepref.png
consent.trustarc.com/asset/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/asset/cookiepref.png
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-47.jfk52.r.cloudfront.net
Software
/
Resource Hash
e0a0340b7c912b0e1e0e020532b87affb27b7ae7be6ff084199800973a53ff6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
public
date
Thu, 05 Sep 2024 12:03:38 GMT
via
1.1 83f903d51f378add519d351aa3b07052.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Wed, 9 Dec 2020 08:11:16 GMT
x-amz-cf-pop
JFK52-P3
age
2523
vary
Origin
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=2592000
content-length
9270
x-amz-cf-id
ZQMRHrnObsXNtuSEeSuGn0JzeU3Rt9Sa8k0jUuSyTvVgbElBmKr4oQ==
24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v14/ 		6 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 07:02:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
538990
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3340
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 14:24:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Aug 2025 07:02:31 GMT
googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 		910 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:27:42 GMT
x-content-type-options
nosniff
age
1079
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
910
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 05 Sep 2025 12:27:42 GMT
translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/branding/product/2x/translate_24dp.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.26tY-h6gH9w.L.W.O/am=QDA/d=0/rs=AN8SPfrycRFEIstD_ODMax_0dvnH_HM3_Q/m=el_main_css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.26tY-h6gH9w.L.W.O/am=QDA/d=0/rs=AN8SPfrycRFEIstD_ODMax_0dvnH_HM3_Q/m=el_main_css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 05:32:15 GMT
x-content-type-options
nosniff
age
26006
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1842
x-xss-protection
0
last-modified
Thu, 14 Oct 2021 09:08:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 05 Sep 2025 05:32:15 GMT
get
consent.trustarc.com/ 		359 B
682 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/get?name=ba_close_icon.png
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-47.jfk52.r.cloudfront.net
Software
/
Resource Hash
9737a2cd5df323dbea3cdc36ff73d0af82a3815b2928f71038f14d8181cd6bda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
public
date
Thu, 05 Sep 2024 12:02:11 GMT
via
1.1 83f903d51f378add519d351aa3b07052.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
JFK52-P3
age
2610
vary
Origin
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=2592000
content-length
359
x-amz-cf-id
ESEkDrHpd92jm085JfSqDkm1MEQDr7pmsalbCvV4HrH-YunmxLQqWw==
get
consent.trustarc.com/ 		39 KB
39 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/get?name=DMSans-Regular.woff
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-47.jfk52.r.cloudfront.net
Software
/
Resource Hash
e978fee9deb7361869598ee9422c2fe781f4c2e1a855b7492ba3e063e1014f61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://well.burnalong.com/
Origin
https://well.burnalong.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
public
date
Thu, 05 Sep 2024 12:02:01 GMT
via
1.1 1f85764c0bc1f70d16858df07753dfa8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
JFK52-P3
age
2620
x-cache
Hit from cloudfront
content-type
application/font-woff
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=2592000
content-length
39604
x-amz-cf-id
CCfub-Ku93hrv6TDEsFhB3bE3N9y8CuRKSK8nbGW047xttKIayrk9g==
get
consent.trustarc.com/ 		86 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/get?name=DMSans-Bold.otf
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-47.jfk52.r.cloudfront.net
Software
/
Resource Hash
ed3b8b27929a7f9a790138037b2237cf6733fd70ec6b5199b1a86dd61e447124
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://well.burnalong.com/
Origin
https://well.burnalong.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
public
date
Thu, 05 Sep 2024 12:02:01 GMT
content-encoding
gzip
via
1.1 1f85764c0bc1f70d16858df07753dfa8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
JFK52-P3
age
2620
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
font/otf
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=2592000
x-amz-cf-id
sJm6EhfrZYNvH7QZv5Xft44psmFnh7pTdFqgwYW-nVKjpCuF8C5Dcg==
bannermsg
consent.trustarc.com/ 		43 B
430 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/bannermsg?action=views&domain=tivityhealth.com&behavior=implied&country=us&language=en&rand=0.6080771213283334&session=40f5c207-4a20-49b7-b711-f0b955e34b89&userType=NEW&referer=https://well.burnalong.com
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-47.jfk52.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Sep 2024 12:45:41 GMT
via
1.1 83f903d51f378add519d351aa3b07052.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
JFK52-P3
vary
Origin
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
x-amz-cf-id
tqDR9ZENtYo1aztXXjXgrhQK5b9T5wawwJp91nx4kcZHbJNzalNgZw==
expires
Mon, 26 Jul 1997 05:00:00 GMT
burnalong-wordmark-masterBlue-BlCmkWMu.png
well.burnalong.com/assets/ 		5 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://well.burnalong.com/assets/burnalong-wordmark-masterBlue-BlCmkWMu.png
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
38c66a34d0d4194d734124dea030b7b8aef2441cfd0feec1c1bcd87f67ebf393
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://well.burnalong.com/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:42 GMT
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
x-permitted-cross-domain-policies
master-only
strict-transport-security
max-age=15768000; includeSubDomains
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
5060
last-modified
Tue, 20 Aug 2024 16:54:04 GMT
server
AmazonS3
etag
"ba9297e6844bea6a469b9798288685f9"
x-frame-options
DENY
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
rCqsKJ6UDHLg6Ykh0hhzIwZW9kQqMU9DSNyVJ1K-pdhX61G9h8jdzw==
rum
browser-intake-ddog-gov.com/api/v2/ 		53 B
488 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://browser-intake-ddog-gov.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.4.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Aburnalong-react-web-experience%2Cversion%3A2024.04.01&dd-api-key=pubff6077239f34755409cc82c3aef12593&dd-evp-origin-version=5.4.0&dd-evp-origin=browser&dd-request-id=94b153ed-9d7f-40d3-9f8e-2491dfc36e31&batch_time=1725540341407
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.30.62.21 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-30-62-21.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
e9638d0c1c2ddda07fab08f9c09f4f272c35d786bd0faecd1d4cd3ee0ce6c7e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 05 Sep 2024 12:45:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
Content-Type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
Connection
keep-alive
Content-Length
53
dd-request-id
94b153ed-9d7f-40d3-9f8e-2491dfc36e31
/
sdk.iad-02.braze.com/api/v3/data/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-02.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a8e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://well.burnalong.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8be6515e687a0d3c-LAX
content-encoding
gzip
date
Thu, 05 Sep 2024 12:45:41 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
truncated
/ Frame C8D6 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame C8D6 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
collect
www.google-analytics.com/j/ 		29 B
237 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1483427883&t=pageview&_s=1&dl=https%3A%2F%2Fwell.burnalong.com%2Flogin&dp=%2Flogin&ul=en-us&de=UTF-8&dt=Burnalong%20%7C%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=714430745&gjid=566768550&cid=966893791.1725540342&tid=UA-78523875-7&_gid=1949268271.1725540342&_r=1&_slc=1&z=1409473189
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
66c4dba31810f22ca9686c7facf71ebec3ff371dbfb5319bca98e6d308837de5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 05 Sep 2024 12:45:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://well.burnalong.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon.png
well.burnalong.com/ 		796 B
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://well.burnalong.com/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b200:13:9a9c:60c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3573c9d5f53d1934b46a4728fafc59908a8fb11d4714657d871aa24c01b7c014
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://well.burnalong.com/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:42 GMT
via
1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
x-permitted-cross-domain-policies
master-only
strict-transport-security
max-age=15768000; includeSubDomains
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
796
last-modified
Tue, 20 Aug 2024 16:54:05 GMT
server
AmazonS3
etag
"831a037f7f6d6b2dab45efe9b8f69df7"
x-frame-options
DENY
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
sF9jt09cxj99M6aQpNmQCylOkjfF19Qng1LahhTplGHsiQRy8g5KQg==
js
www.googletagmanager.com/gtag/ 		276 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-19MLGQ2QDN&cx=c&_slc=1
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
566d6c23db0fa650d40117d059fddd922b47a66db4ec1fef768ac256bd2d03a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
97665
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 05 Sep 2024 12:45:42 GMT
js
www.googletagmanager.com/gtag/ 		277 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FJSHYQJNWK&cx=c&_slc=1
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cef448259ad8666d1776c8154eb433496a2b32f16b6f5f1b92bb4236827700e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 12:45:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
98387
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 05 Sep 2024 12:45:42 GMT
collect
analytics.google.com/g/ 		0
256 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-19MLGQ2QDN&gtm=45je4930v9134176441za200&_p=1725540341911&_gaz=1&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=0&ul=en-us&sr=1600x1200&cid=966893791.1725540342&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwell.burnalong.com%2Flogin&dp=%2Flogin&dt=Burnalong%20%7C%20Login&sid=1725540342&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3896
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Sep 2024 12:45:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://well.burnalong.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
256 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-19MLGQ2QDN&cid=966893791.1725540342&gtm=45je4930v9134176441za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-19MLGQ2QDN&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Sep 2024 12:45:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://well.burnalong.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/ 		0
17 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-FJSHYQJNWK&gtm=45je4930v878335070za200&_p=1725540341911&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=0&ul=en-us&sr=1600x1200&cid=966893791.1725540342&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fwell.burnalong.com%2Flogin&dp=%2Flogin&dt=Burnalong%20%7C%20Login&sid=1725540343&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3948
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Sep 2024 12:45:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://well.burnalong.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 0B50 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 0B50 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
rum
browser-intake-ddog-gov.com/api/v2/ 		53 B
488 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://browser-intake-ddog-gov.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.4.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Aburnalong-react-web-experience%2Cversion%3A2024.04.01&dd-api-key=pubff6077239f34755409cc82c3aef12593&dd-evp-origin-version=5.4.0&dd-evp-origin=browser&dd-request-id=d85e6cc8-08b5-46ef-aed4-6efe64127ffa&batch_time=1725540344023
Requested by
Host: well.burnalong.com
URL: https://well.burnalong.com/assets/index-1aX48tdS.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.30.62.21 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-30-62-21.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
d2493db5f54a2eb02c7d7e82d86b4b4a1f78241c03ccfcb32ff6fd103d2bc778
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://well.burnalong.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 05 Sep 2024 12:45:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
Content-Type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
Connection
keep-alive
Content-Length
53
dd-request-id
d85e6cc8-08b5-46ef-aed4-6efe64127ffa

Verdicts & Comments Add Verdict or Comment

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| googleTranslateElementInit object| truste function| shouldRepop function| shouldResolveConsent string| userType object| $temp_closebtn_style function| _DumpException object| default_tr object| _F_toggles string| MSG_TRANSLATE string| MSG_CANCEL string| MSG_CLOSE function| MSGFUNC_PAGE_TRANSLATED_TO function| MSGFUNC_TRANSLATED_TO string| MSG_GENERAL_ERROR string| MSG_LEARN_MORE function| MSGFUNC_POWERED_BY string| MSG_TRANSLATE_PRODUCT_NAME string| MSG_TRANSLATION_IN_PROGRESS function| MSGFUNC_TRANSLATE_PAGE_TO function| MSGFUNC_VIEW_PAGE_IN string| MSG_RESTORE string| MSG_SSL_INFO_LOCAL_FILE string| MSG_SSL_INFO_SECURE_PAGE string| MSG_SSL_INFO_INTRANET_PAGE string| MSG_SELECT_LANGUAGE function| MSGFUNC_TURN_OFF_TRANSLATION function| MSGFUNC_TURN_OFF_FOR string| MSG_ALWAYS_HIDE_AUTO_POPUP_BANNER string| MSG_ORIGINAL_TEXT string| MSG_FILL_SUGGESTION string| MSG_SUBMIT_SUGGESTION string| MSG_SHOW_TRANSLATE_ALL string| MSG_SHOW_RESTORE_ALL string| MSG_SHOW_CANCEL_ALL string| MSG_TRANSLATE_TO_MY_LANGUAGE function| MSGFUNC_TRANSLATE_EVERYTHING_TO string| MSG_SHOW_ORIGINAL_LANGUAGES string| MSG_OPTIONS string| MSG_TURN_OFF_TRANSLATION_FOR_THIS_SITE string| MSG_ALT_SUGGESTION string| MSG_ALT_ACTIVITY_HELPER_TEXT string| MSG_USE_ALTERNATIVES string| MSG_DRAG_TIP string| MSG_CLICK_FOR_ALT string| MSG_DRAG_INSTUCTIONS string| MSG_SUGGESTION_SUBMITTED string| MSG_MANAGE_TRANSLATION_FOR_THIS_SITE string| MSG_ALT_AND_CONTRIBUTE_ACTIVITY_HELPER_TEXT string| MSG_ORIGINAL_TEXT_NO_COLON string| MSG_LANGUAGE_UNSUPPORTED string| MSG_LANGUAGE_TRANSLATE_WIDGET string| MSG_RATE_THIS_TRANSLATION string| MSG_FEEDBACK_USAGE_FOR_IMPROVEMENT string| MSG_FEEDBACK_SATISFIED_LABEL string| MSG_FEEDBACK_DISSATISFIED_LABEL string| MSG_TRANSLATION_NO_COLON function| _exportVersion function| _getCallbackFunction function| _exportMessages function| _loadJs function| _loadCss function| _isNS function| _setupNS object| google object| global function| clearImmediate function| setImmediate object| regeneratorRuntime object| DD_RUM string| __reactRouterVersion string| GoogleAnalyticsObject function| ga function| _truste_eu object| PREF_MGR_API_DEBUG object| PrivacyManagerAPI object| TRUSTE_CMAPI_DEBUG object| closure_lm_644697 object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer object| google_tag_manager function| onYouTubeIframeAPIReady

10 Cookies

Domain/Path Name / Value
.well.burnalong.com/ Name: TAsessionID
Value: 40f5c207-4a20-49b7-b711-f0b955e34b89|NEW
.well.burnalong.com/ Name: notice_behavior
Value: implied,eu
.burnalong.com/ Name: ab.storage.sessionId.cdccf353-aad2-4961-b64b-8941fdd16f93
Value: g%3A1eedbfbb-2bb7-4f61-bced-af13084bef3e%7Ce%3A1725542140900%7Cc%3A1725540340901%7Cl%3A1725540340901
.burnalong.com/ Name: ab.storage.deviceId.cdccf353-aad2-4961-b64b-8941fdd16f93
Value: g%3A235c392f-e217-8792-1240-81a643bdf367%7Ce%3Aundefined%7Cc%3A1725540340903%7Cl%3A1725540340903
.burnalong.com/ Name: _ga
Value: GA1.2.966893791.1725540342
.burnalong.com/ Name: _gid
Value: GA1.2.1949268271.1725540342
.burnalong.com/ Name: _gat
Value: 1
.burnalong.com/ Name: _ga_19MLGQ2QDN
Value: GS1.2.1725540342.1.0.1725540342.60.0.0
.burnalong.com/ Name: _ga_FJSHYQJNWK
Value: GS1.2.1725540343.1.0.1725540343.0.0.0
well.burnalong.com/ Name: _dd_s
Value: rum=2&id=0e0a883e-2ce4-4bf8-ae36-78f954fd7214&created=1725540341011&expire=1725541241011

3 Console Messages

Source Level URL
Text
recommendation verbose URL: https://well.burnalong.com/login
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
security error URL: https://translate.googleapis.com/
Message:
Refused to frame '' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com".
security error URL: https://well.burnalong.com/assets/index-1aX48tdS.js(Line 1858)
Message:
Refused to frame 'https://td.doubleclick.net/' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' blob:;script-src 'self' blob: https://*.burnalong.com https://translate.google.com https://www.google-analytics.com/analytics.js https://translate.googleapis.com;script-src-elem 'unsafe-inline' 'self' https://*.trustarc.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://translate.google.com https://*.googleapis.com https://*.tivityhealth.com;style-src 'unsafe-inline' 'self' https://*.burnalong.com;style-src-elem 'unsafe-inline' https://*.braintreegateway.com https://fonts.googleapis.com https://*.burnalong.com https://use.fontawesome.com https://www.gstatic.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net wss://global.vss.twilio.com https://*.twilio.com https://*.s3-accelerate.amazonaws.com https://*.burnalong.com https://sdk.iad-02.braze.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.googleapis.com https://*.tivityhealth.com https://get.geojs.io https://browser-intake-ddog-gov.com https://www.google-analytics.com https://*.braintree-api.com https://*.braintreegateway.com;font-src 'self' https://*.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.trustarc.com/ https://www.youtube.com https://*.braintreegateway.com; img-src 'self' data: blob: https://*.trustarc.com https://www.google.com https://*.burnalong.com https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com https://*.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; manifest-src 'self' https://*.burnalong.com; media-src 'self' blob: https://bapy-dev-storage.s3.amazonaws.com https://bapy-prod-storage.s3.amazonaws.com
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
browser-intake-ddog-gov.com
consent.trustarc.com
fonts.googleapis.com
fonts.gstatic.com
sdk.iad-02.braze.com
stats.g.doubleclick.net
translate.google.com
translate.googleapis.com
use.fontawesome.com
well.burnalong.com
www.google-analytics.com
www.googletagmanager.com
www.gstatic.com
142.250.81.238
18.238.49.47
2001:4860:4802:36::181
2600:9000:21dd:b200:13:9a9c:60c0:93a1
2606:4700:3037::ac43:8ef5
2606:4700:4400::ac40:9a8e
2607:f8b0:4004:c06::9a
2607:f8b0:4006:80a::2003
2607:f8b0:4006:80e::200e
2607:f8b0:4006:80f::200a
2607:f8b0:4006:81d::2008
2607:f8b0:4006:81e::200e
2607:f8b0:4006:822::200a
2607:f8b0:4006:823::2003
3.30.62.21
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
1467b87ba1e5c5dff51a60f09dcd9641a57121ec91884efedb7502afcf4c552b
1776325e8aa4b22574c2933a9882c499113c2e921813ff131e1ca36a43df3ced
22dd566a4011a1f0da1b0d70ed6bf4624166435b6ed096b1c04ad89dfb8ec690
312efb79dd9fffa8f78639f091bfd74a14d993586c39a5446a4872603fea939f
3573c9d5f53d1934b46a4728fafc59908a8fb11d4714657d871aa24c01b7c014
38c66a34d0d4194d734124dea030b7b8aef2441cfd0feec1c1bcd87f67ebf393
492d00e4a4110b712efd91a46f205045b2f207df8bc960be6f46b0964107f7cd
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
4e31b8bff9945af718f6b89560a342444dfe3ff955d25d9983d3562cd2fe0f64
566d6c23db0fa650d40117d059fddd922b47a66db4ec1fef768ac256bd2d03a8
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
66c4dba31810f22ca9686c7facf71ebec3ff371dbfb5319bca98e6d308837de5
6d9202d8f90acdf87f19a9bac5df95d2134332e082c68419213e02431f7feb63
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
7ac0d1eb80fe86438a18685913235202728debbb7b36ed35abb073985af9eda8
8802a626799348acdbd39184157d98bf6d59db06331f978bbd6fa21d9c749266
9737a2cd5df323dbea3cdc36ff73d0af82a3815b2928f71038f14d8181cd6bda
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
b3b8b4ad8da342350ec94f51fd56716f118343dcc6731c9b00e613aae801dfae
bdd2202f98c6e2e4d5f01b464028e30339afde58e8ec24d24cfed471adc31685
c1aea5c1ef58db536bdd65b4318ee31f55049068869b7cc4ce7a14389a0b5d02
cef448259ad8666d1776c8154eb433496a2b32f16b6f5f1b92bb4236827700e6
d2493db5f54a2eb02c7d7e82d86b4b4a1f78241c03ccfcb32ff6fd103d2bc778
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0a0340b7c912b0e1e0e020532b87affb27b7ae7be6ff084199800973a53ff6a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e91388b5fe2f2dee605a44cc45666474e27b8954be369e600a6db90b34efc658
e92913c2b11fc1e9e7c4f84628362d1c9660e7f7e88904d124c9ebbbef9d4e48
e9638d0c1c2ddda07fab08f9c09f4f272c35d786bd0faecd1d4cd3ee0ce6c7e6
e978fee9deb7361869598ee9422c2fe781f4c2e1a855b7492ba3e063e1014f61
ed3b8b27929a7f9a790138037b2237cf6733fd70ec6b5199b1a86dd61e447124
f2769341fbf31a14e512d5b4138e93597e2eaf57dc58a09748a0515f4d4fd267