www.railcard.co.uk Open in urlscan Pro
2600:9000:214f:4200:f:6e6b:4bc0:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.railcard.co.uk/
Submission: On April 11 via manual (April 11th 2024, 12:50:13 pm UTC) from US — Scanned from DE

Summary HTTP 83 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 12 domains to perform 83 HTTP transactions. The main IP is 2600:9000:214f:4200:f:6e6b:4bc0:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.railcard.co.uk. The Cisco Umbrella rank of the primary domain is 927660.
TLS certificate: Issued by Amazon RSA 2048 M02 on March 27th 2024. Valid for: a year.

This is the only time www.railcard.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	2600:9000:214... 2600:9000:214f:4200:f:6e6b:4bc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
5	13.107.246.67 13.107.246.67	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.66.102.53 18.66.102.53	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
10	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.27.107 13.32.27.107	16509 (AMAZON-02) (AMAZON-02)
1	20.54.140.8 20.54.140.8	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.112.79 18.66.112.79	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2 4	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
83	16

42 2600:9000:214f:4200:f:6e6b:4bc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.railcard.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.246.67 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.webtrends-optimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-53.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-107.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.54.140.8 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

ots.webtrends-optimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-79.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.66 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	railcard.co.uk www.railcard.co.uk — Cisco Umbrella Rank: 927660	399 KB
10	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 317	158 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35 region1.google-analytics.com — Cisco Umbrella Rank: 2490	21 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 44	513 KB
6	webtrends-optimize.com c.webtrends-optimize.com — Cisco Umbrella Rank: 43092 ots.webtrends-optimize.com — Cisco Umbrella Rank: 40337	64 KB
5	googlesyndication.com 2 redirects ade.googlesyndication.com — Cisco Umbrella Rank: 301 pagead2.googlesyndication.com — Cisco Umbrella Rank: 107	1 KB
2	gstatic.com fonts.gstatic.com	31 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 184	90 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 795 script.hotjar.com — Cisco Umbrella Rank: 1208	59 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 2933	2 KB
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 2945	232 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 39	2 KB
83	12

	Domain	Requested by
42	www.railcard.co.uk	www.railcard.co.uk
10	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
6	www.googletagmanager.com	www.railcard.co.uk www.googletagmanager.com
5	www.google-analytics.com	www.googletagmanager.com
5	c.webtrends-optimize.com	www.railcard.co.uk c.webtrends-optimize.com
4	ade.googlesyndication.com	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	connect.facebook.net	www.railcard.co.uk connect.facebook.net
2	dev.visualwebsiteoptimizer.com	www.railcard.co.uk
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	vc.hotjar.io	script.hotjar.com
1	ots.webtrends-optimize.com	c.webtrends-optimize.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.railcard.co.uk
1	fonts.googleapis.com	www.railcard.co.uk
83	16

This site contains links to these domains. Also see Links.

Domain
secure.railcard.co.uk
www.16-25railcard.co.uk
www.disabledpersons-railcard.co.uk
www.familyandfriends-railcard.co.uk
www.network-railcard.co.uk
www.twotogether-railcard.co.uk
www.26-30railcard.co.uk
www.senior-railcard.co.uk
www.16-17saver.co.uk
www.veterans-railcard.co.uk
www.facebook.com
twitter.com
www.instagram.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
www.railcard.co.uk Amazon RSA 2048 M02	`2024-03-27` - `2025-04-24`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.webtrends-optimize.com Go Daddy Secure Certificate Authority - G2	`2024-02-27` - `2025-03-29`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-01-19` - `2024-04-18`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.railcard.co.uk/
Frame ID: A818DDF6E2E9604668C493B29B1F1F5B
Requests: 83 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Railcards | Digital Railcard and Prices | National Rail

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?slick-theme\.css
(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui[.-]([\d.]*\d)[^/]*\.js
jquery-ui.*\.js

prettyPhoto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:<link [^>]*href="[^"]*prettyPhoto(?:\.min)?\.css|<a [^>]*rel="prettyPhoto)
jquery\.prettyPhoto\.js

Page Statistics

83
Requests

98 %
HTTPS

56 %
IPv6

12
Domains

16
Subdomains

16
IPs

3
Countries

1340 kB
Transfer

3818 kB
Size

10
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.railcard.co.uk/Account/My-Railcards/
Title: Renew my Railcard

Search URL Search Domain Scan URL

URL: https://secure.railcard.co.uk/Account/My-Railcards
Title: Manage my Railcard

Search URL Search Domain Scan URL

URL: https://www.16-25railcard.co.uk/
Title: 16-25 Railcard

Search URL Search Domain Scan URL

URL: https://www.disabledpersons-railcard.co.uk/
Title: Disabled PersonsRailcard

Search URL Search Domain Scan URL

URL: https://www.familyandfriends-railcard.co.uk/
Title: Family & FriendsRailcard

Search URL Search Domain Scan URL

URL: https://www.network-railcard.co.uk/
Title: Network Railcard

Search URL Search Domain Scan URL

URL: https://www.twotogether-railcard.co.uk/
Title: Two Together Railcard

Search URL Search Domain Scan URL

URL: https://www.26-30railcard.co.uk/
Title: 26-30 Railcard

Search URL Search Domain Scan URL

URL: https://www.senior-railcard.co.uk/
Title: Senior Railcard

Search URL Search Domain Scan URL

URL: https://www.16-17saver.co.uk/
Title: 16-17 Saver

Search URL Search Domain Scan URL

URL: https://www.veterans-railcard.co.uk/
Title: Veterans Railcard

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Railcard/

Search URL Search Domain Scan URL

URL: https://twitter.com/_Railcards

Search URL Search Domain Scan URL

URL: https://www.instagram.com/national.rail/

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 77

https://ade.googlesyndication.com/ddm/activity/src=4087088;type=retar329;cat=ret_r749;ord=5069946435881;npa=1;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.122;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;gtm=45fe4480z872807025za201;gcs=G100;gcd=13p3p3p2p5;dma_cps=-;dma=1;epver=2;~oref=https%3A%2F%2Fwww.railcard.co.uk%2F HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=4087088;dc_pre=CMHn08KZuoUDFcYRogMd-kMKUA;type=retar329;cat=ret_r749;ord=5069946435881;npa=1;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.122;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;gtm=45fe4480z872807025za201;gcs=G100;gcd=13p3p3p2p5;dma_cps=-;dma=1;epver=2;~oref=https%3A%2F%2Fwww.railcard.co.uk%2F

Request Chain 78

https://ade.googlesyndication.com/ddm/activity/src=8341063;type=audie0;cat=msf_c0;ord=5589096365518;npa=1;u11=https%3A%2F%2Fwww.railcard.co.uk%2F;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.122;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;gtm=45fe4480z872807025za201;gcs=G100;gcd=13p3p3p2p5;dma_cps=-;dma=1;epver=2;~oref=https%3A%2F%2Fwww.railcard.co.uk%2F HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=8341063;dc_pre=CO3k08KZuoUDFUwdogMdHIoFCA;type=audie0;cat=msf_c0;ord=5589096365518;npa=1;u11=https%3A%2F%2Fwww.railcard.co.uk%2F;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.122;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;gtm=45fe4480z872807025za201;gcs=G100;gcd=13p3p3p2p5;dma_cps=-;dma=1;epver=2;~oref=https%3A%2F%2Fwww.railcard.co.uk%2F

83 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.railcard.co.uk/ 29 KB
9 KB 434ms
326ms Document
text/html 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache / PHP/8.1.27

Resource Hash

9b8dafd4bfea3e3a76848764a28777992445a4efdd9b6d94983b160294af087b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .google.com .visualwebsiteoptimizer.com .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .cookielaw.org .googlesyndication.com .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 7151
content-security-policy: default-src 'self'; connect-src 'self' *.google.com *.visualwebsiteoptimizer.com *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.cookielaw.org *.googlesyndication.com *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
content-type: text/html; charset=UTF-8
date: Thu, 11 Apr 2024 12:50:06 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-id: U9Wgvcs3jH7Fmf3PgwioIWgkmk5O77lUIbyaHbE4ffkv2MMFCetstQ==
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP/8.1.27
x-xss-protection: 1; mode=block

GET
H2 200 style.css
www.railcard.co.uk/css/ 73 KB
15 KB 34ms
29ms Stylesheet
text/css 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/css/style.css?v2024-01-22_15-02

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

c31442b879547832b4be9f1f303f602fded56ccc26d3e738da25ac00ea72e5be

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 13539
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Jan 2024 15:01:57 GMT
server: Apache
etag: "124f7-60f8a1c6be340-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: pMlWRIKsjblLCNgJZnSGgvbsqtCFC6GUoa-opFufKUKMI6t2_bafeA==

GET
H2 200 css
fonts.googleapis.com/ 19 KB
2 KB 94ms
34ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,600,700,900%7COpen+Sans:400,700

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e688ad0c9db2eb2cf61095061809d0b66bb129ab5fbcfeeb47c24802b55bc4da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Thu, 11 Apr 2024 12:50:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 11 Apr 2024 12:50:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 11 Apr 2024 12:50:06 GMT

GET
H2 200 jquery-3.7.1.min.js Show response
www.railcard.co.uk/shared_files/clientscripts/jquery/ 85 KB
31 KB 39ms
34ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/shared_files/clientscripts/jquery/jquery-3.7.1.min.js

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 30362
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Jan 2024 12:23:48 GMT
server: Apache
etag: "155ed-60ebebc6d2d9a-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: k8mzgA6FWSU6c4h9zMrDIP0AeG7Y1-RggZX9UUXh8Jc0Sw-URMCTzg==

GET
H2 200 jquery-migrate-3.4.1.min.js Show response
www.railcard.co.uk/clientscripts/ 13 KB
7 KB 35ms
30ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/clientscripts/jquery-migrate-3.4.1.min.js

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

1f672e387d66697b419d99b5478f8763a7ce6efc23744c909e34cfff22c112e8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 4875
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 10 May 2023 10:13:38 GMT
server: Apache
etag: "3509-5fb54201ab880-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: HbRDkHI2zJbVkuM79FrCgvpqfbeitMfsCak6n27W6QTc5IiYlWFq6A==

GET
H2 200 jquery-ui.1.13.2.min.js Show response
www.railcard.co.uk/clientscripts/ 249 KB
68 KB 62ms
56ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/clientscripts/jquery-ui.1.13.2.min.js

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 14 Jul 2022 19:51:06 GMT
server: Apache
etag: "3e46c-5e3c938e4be80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: Pf6lVQSJ1mmnxCwuFwXayMnnn1oIet0LE6Hcgeho88zZvwlbjKfA7g==

GET
H2 200 jquery-ui-1.8.10.custom.css
www.railcard.co.uk/shared_files/css/jquery/ 34 KB
8 KB 56ms
51ms Stylesheet
text/css 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/shared_files/css/jquery/jquery-ui-1.8.10.custom.css?v2024-01-22_15-02

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ceba1252151d6c4f3a9f8358be9dd0fc24c354fa079347ef68770b391d4157ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 5987
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Jan 2024 12:23:48 GMT
server: Apache
etag: "86fa-60ebebc6e6dec-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: pdds5PQRLcXR1cxIYta6qhTSLJTLTGmiLrv5jiiXdUYP_pqAacgKog==

GET
H2 200 dropdown.css
www.railcard.co.uk/css/ 3 KB
3 KB 82ms
77ms Stylesheet
text/css 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/css/dropdown.css?v2024-01-22_15-02

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

35c69b62c449de910d8881d17c7768be9ad2add2d1ade8331249cbdbd7778087

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 1120
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "d82-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: FVw3QBElX4-p4c04jrg4b8JzCXF6RQR5Ln_Z7u2HOQLNo3qg4346hQ==

GET
H2 200 superfish.min.js Show response
www.railcard.co.uk/clientscripts/ 4 KB
4 KB 85ms
80ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/clientscripts/superfish.min.js?v4

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

55f1919a1b0079338dca307fe0f58c6614b755007f20535eacd425e18b5e7fc3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 1903
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "119e-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: jHuPzbxkk-OKtv49pUym70NYoZfl9i1MWAgWeg6SPiRtQIIeo7JAMw==

GET
H2 200 jquery.hoverIntent.min.js Show response
www.railcard.co.uk/clientscripts/ 2 KB
3 KB 85ms
81ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/clientscripts/jquery.hoverIntent.min.js?v4

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

261f866e9086a3c65cd336636a04bf9b07a137a4f5f31c2640a75277706131c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 983
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "91d-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: 0tA3iGI-e7lRrSJdyK2ev3SVIZEp_gjLmamO6Orn0ODYTaJn1Pixew==

GET
H2 200 style7_6.css
www.railcard.co.uk/shared_files/css/misc/ 294 B
2 KB 58ms
53ms Stylesheet
text/css 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/shared_files/css/misc/style7_6.css?v2

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

9255da877744044190c59123d34ee16085edd915857e368fb03c890e0fcf895b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 195
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Jan 2024 12:23:48 GMT
server: Apache
etag: "126-60ebebc6e8174-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: 5PKF72abTF5hvz8yK7-PlZlbxorwILcvL3UoVYlnVakmT6TDBTwXww==

GET
H2 200 slick.css
www.railcard.co.uk/css/ 2 KB
2 KB 81ms
76ms Stylesheet
text/css 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/css/slick.css?v2

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 569
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "6f0-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: CbVKPkJtRNtLJT-TqT8vV_8pzl3mjhxIVcFon32zwe9BHHWInzJVNg==

GET
H2 200 slick-theme.css
www.railcard.co.uk/css/ 3 KB
3 KB 57ms
52ms Stylesheet
text/css 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/css/slick-theme.css?v2

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

89ee2ab509e3c2cc072fe273d7b6b2306e54ef9cce97084cc33340da80a4413c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 871
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "c50-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: zXuEDhDTadx7C76BRuMS1i9hMMwwiKf9ZEU4pjIp-Cn-mBtbX2d0-w==

GET
H2 200 slick.min.js Show response
www.railcard.co.uk/clientscripts/ 42 KB
12 KB 94ms
90ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/clientscripts/slick.min.js?v2

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 10442
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "a76f-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: iZ-FuE6_mM3KHq7svN0LF4bj_doxcUVoaBKAxGyJRGfModrd9U1FpQ==

GET
H2 200 prettyPhoto.css
www.railcard.co.uk/css/ 26 KB
5 KB 83ms
79ms Stylesheet
text/css 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/css/prettyPhoto.css?v2024-01-22_15-02

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

de84e4bb21e1ae8163dd8707a87f30eabec808ba086f3ab391e2c86f6b597899

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 3297
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "664a-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: -s3ybWZ38JI7HKNhHFVI9-ap2YU6qC3zOqAQiBf6_B-WgHlIQtlrmA==

GET
H2 200 jquery.prettyPhoto.js Show response
www.railcard.co.uk/clientscripts/ 23 KB
8 KB 95ms
91ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/clientscripts/jquery.prettyPhoto.js

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

665c7a756cf287ab25f816844f862ef0d7b40b6814155753fedeac05b2838502

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 6248
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "5d33-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: hgpF7qZFNHBAyXoqV5rhiXBrVmCHoxNWf3tknxcUUGRW-SLxQNAhIA==

GET
H2 200 jquery.meerkat.1.3.min.js Show response
www.railcard.co.uk/clientscripts/ 4 KB
4 KB 96ms
93ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/clientscripts/jquery.meerkat.1.3.min.js

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

063d293db93cc2b01f361e449ebc8624bbbaf25bb025f561787b7043e45893fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 2060
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "10bd-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: EG9bQIyrtxRTbYpWT5Gu5LForZl-iOlXGCxytLxFbp5DW30IumjQDQ==

GET
H2 200 mobile-detect.min.js Show response
www.railcard.co.uk/clientscripts/ 38 KB
18 KB 98ms
95ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/clientscripts/mobile-detect.min.js?v1

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

52bf76788a74adae05d7df31866aab58cca218df49a9e8d2f729f9f3f8935167

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 16320
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "9838-5bbeaa0cbb780-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: 2xQNAuyKNMbC5WeIzxPWZ7ZFiNW0iPi2n2mcPIRyP3l7cnkJgSoqTQ==

GET
H2 200 railcards.js Show response
www.railcard.co.uk/clientscripts/ 29 KB
9 KB 97ms
94ms Script
application/javascript 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/clientscripts/railcards.js?v81

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

f7ee80bc0a4cad4a98425f6635027275e88ae0b4f4ca6b0e244ab300aebe0006

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 7773
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 31 Oct 2023 11:17:30 GMT
server: Apache
etag: "7425-609014ce5a680-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: AjZSsM1xRArqiTSSl0UmfAn4YvNi_a8WUSjRU3aYadT95KFkKy22Cw==

GET
H2 200 wt.js Show response
c.webtrends-optimize.com/acs/accounts/47cb8b22-5cd0-480f-aaed-ca87b4059547/js/ 91 KB
25 KB 374ms
103ms Script
text/javascript 13.107.246.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://c.webtrends-optimize.com/acs/accounts/47cb8b22-5cd0-480f-aaed-ca87b4059547/js/wt.js
Requested by: Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: b5fd726918691c8a36c67fa0a25a539f5fa2ab0a8920b89f7f7eba073b600ed1

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2024 17:03:01 GMT
etag: "16c99-61493433c1bbd-gzip"
vary: Accept-Encoding
x-azure-ref: 20240411T125007Z-164d799447d4rdsx4x5dwffyt000000001t000000000e6kf
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-cache: TCP_HIT
cache-control: max-age=86400
x-fd-int-roxy-purgeid: 68564484
accept-ranges: bytes
content-length: 25681
expires: Tue, 09 Apr 2024 15:52:04 GMT

GET
H2 200 arrow_down.png
www.railcard.co.uk/images/ 1 KB
3 KB 25ms
24ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/images/arrow_down.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6c2df53da3e3b33ed17a5110b271a40c6a7ab692962572ee990a6e78c4205870

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 1026
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "402-5bbeaa0cbb780"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: YRPDXaSMS9Kno_0hz-AmVF-Ym-MkZKX5CePjD4qfs5XmGTA1BjKAxQ==

GET
H2 200 logo.png
www.railcard.co.uk/images/ 2 KB
4 KB 98ms
96ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/images/logo.png?v3

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

a09ab398326cf3cee987abcd5c83ff221f4f9e0a016914d24e203f50db526f4f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 2372
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "944-5bbeaa0cbb780"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: R7GU5IlnlW8divP7v6wnRI6xPl25-1CrDn9SVyDp7Pwa0Z9amkea8w==

GET
H2 200 Senior_HeroGraphic.png
www.railcard.co.uk/clientfiles/images/ 4 KB
6 KB 99ms
97ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/Senior_HeroGraphic.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

bf46e10b01206575bb37935fd42d160a93732b3e1633d25b935c13989e6f4e54

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148783
x-cache: Hit from cloudfront
content-length: 4115
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 11 Sep 2020 16:05:30 GMT
server: Apache
etag: "1013-5af0bda9c32a0"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: pVPTrSrQMk9UN5uFA1ZpBKp07s7TGKVgPPIH1UU-6gxyEmBVnKfHYw==

GET
H2 200 pie_chart_railcard.png
www.railcard.co.uk/clientfiles/images/ 576 B
2 KB 25ms
24ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/pie_chart_railcard.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

682a85f055e9a29d54443d05a1f818e58a98b8a63f647cde307b123675e389de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 576
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 11 Sep 2020 15:53:42 GMT
server: Apache
etag: "240-5af0bb0676b30"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: T2tE_lRCesZV4kW8mPG6BDj4i_xefpOed_9-bmXTVYazV711uDMhWg==

GET
H2 200 piggy_bank_railcard.png
www.railcard.co.uk/clientfiles/images/ 588 B
2 KB 25ms
25ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/piggy_bank_railcard.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

db2868fc186004df16aa32817e55fef623c100e1a9709d4f34f9bfb9902ec5cb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 588
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 11 Sep 2020 15:53:57 GMT
server: Apache
etag: "24c-5af0bb144a018"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: tXRWQd40RZa-1u1fVjdfBR3u0mda7dXwBG9CMS_BpYzwYpQ4c9xBVw==

GET
H2 200 mobile_phone_railcard.png
www.railcard.co.uk/clientfiles/images/ 355 B
2 KB 24ms
24ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/mobile_phone_railcard.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

d85cae719ddf5689fa2ebefcfb9b4ac8296ecd3029b32e4a68004d70427da7e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 355
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 11 Sep 2020 15:54:10 GMT
server: Apache
etag: "163-5af0bb20ffab0"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: ibccCzdjtIdsRLzi_1zQhtWphTpfbKUsUVXDw8-hrIOxuo_eIeRJ1w==

GET
H2 200 padlock_railcard.png
www.railcard.co.uk/clientfiles/images/ 530 B
2 KB 24ms
23ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/padlock_railcard.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6d7862bf800a2eaef0667730a77ae413a5f636c2779304c95089b886edfc4023

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 530
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 11 Sep 2020 15:54:20 GMT
server: Apache
etag: "212-5af0bb2a76080"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: 5Qu85aBkonJA2345Q9sQ2AYlURlTyI-nBLzVV4dvPPLgZ_8ypOKYOg==

GET
H2 200 national-rail-logo3.png
www.railcard.co.uk/images/ 11 KB
12 KB 25ms
24ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/images/national-rail-logo3.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

89f7f501a58575cab50a36a9d89ffae0804db9d7d33c8ae14f0d1f838464b737

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148472
x-cache: Hit from cloudfront
content-length: 10868
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "2a74-5bbeaa0cbb780"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: UQdC4oCbhGVpPTUmrsHrr6n499-KMaL-9heNTqIssMgvtv7W_vi0JA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 423 KB
117 KB 109ms
52ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M78MVV

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

52f1233839cfff18a68a8d0f2829e687b7a90160340fd400abd4852e6e9744b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119828
x-xss-protection: 0
last-modified: Thu, 11 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 11 Apr 2024 12:50:07 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
2 KB 85ms
26ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=250046&u=https%3A%2F%2Fwww.railcard.co.uk%2F&r=0.3885273092050263
Requested by: Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 61326030078c85bdcf796d2fea9d42da7ac31c372d578c2477f1e0b871d131c0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 sizzle.min.js Show response
c.webtrends-optimize.com/acs/common/js/5.4/ 19 KB
8 KB 115ms
113ms Script
text/javascript 13.107.246.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://c.webtrends-optimize.com/acs/common/js/5.4/sizzle.min.js
Requested by: Host: c.webtrends-optimize.com
URL: https://c.webtrends-optimize.com/acs/accounts/47cb8b22-5cd0-480f-aaed-ca87b4059547/js/wt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: a70b993e6415ddfd66ea6ee209e3ab2fa3f88b0d3e4329aec59cffedf2c32db6

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
last-modified: Tue, 19 Feb 2019 17:53:50 GMT
etag: "4d8a-58242ec738780-gzip"
vary: Accept-Encoding
x-azure-ref: 20240411T125007Z-164d799447d4rdsx4x5dwffyt000000001t000000000e6kz
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-cache: TCP_HIT
cache-control: public, max-age=2678400
x-fd-int-roxy-purgeid: 68564484
accept-ranges: bytes
content-length: 7375
expires: Thu, 11 Apr 2024 12:59:10 GMT

GET
H2 200 common.js Show response
c.webtrends-optimize.com/acs/common/js/5.4/ 20 KB
7 KB 115ms
113ms Script
text/javascript 13.107.246.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://c.webtrends-optimize.com/acs/common/js/5.4/common.js
Requested by: Host: c.webtrends-optimize.com
URL: https://c.webtrends-optimize.com/acs/accounts/47cb8b22-5cd0-480f-aaed-ca87b4059547/js/wt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: cfd886a01f6af8332fc28434bfeb5fb5c29e3417d31b0f8d52c1fd60bafafba8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
last-modified: Mon, 08 Mar 2021 17:39:43 GMT
etag: "516e-5bd09eb477b58-gzip"
vary: Accept-Encoding
x-azure-ref: 20240411T125007Z-164d799447d4rdsx4x5dwffyt000000001t000000000e6m0
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-cache: TCP_HIT
cache-control: public, max-age=2678400
x-fd-int-roxy-purgeid: 68564484
accept-ranges: bytes
content-length: 6511
expires: Thu, 11 Apr 2024 03:32:44 GMT

GET
H2 200 wt_debugger.js Show response
c.webtrends-optimize.com/acs/common/js/5.4/ 4 KB
2 KB 115ms
114ms Script
text/javascript 13.107.246.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://c.webtrends-optimize.com/acs/common/js/5.4/wt_debugger.js
Requested by: Host: c.webtrends-optimize.com
URL: https://c.webtrends-optimize.com/acs/accounts/47cb8b22-5cd0-480f-aaed-ca87b4059547/js/wt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0f28f8ef3c65ede1c3171b6e44188fca93e15b53d362d0bbb9a22c93d3f73fdd

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
last-modified: Mon, 08 Mar 2021 17:39:43 GMT
etag: "10d0-5bd09eb4d5758-gzip"
vary: Accept-Encoding
x-azure-ref: 20240411T125007Z-164d799447d4rdsx4x5dwffyt000000001t000000000e6m1
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-cache: TCP_HIT
cache-control: public, max-age=2678400
x-fd-int-roxy-purgeid: 68564484
accept-ranges: bytes
content-length: 1720
expires: Thu, 11 Apr 2024 07:37:50 GMT

GET
H2 200 wt_lib.js Show response
c.webtrends-optimize.com/acs/common/js/5.4/ 69 KB
19 KB 117ms
116ms Script
text/javascript 13.107.246.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://c.webtrends-optimize.com/acs/common/js/5.4/wt_lib.js
Requested by: Host: c.webtrends-optimize.com
URL: https://c.webtrends-optimize.com/acs/accounts/47cb8b22-5cd0-480f-aaed-ca87b4059547/js/wt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 249f5da01a64c4809b00baa1f828e663e91a52268689c84332b5157ee96ee1a9

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
last-modified: Mon, 08 Mar 2021 17:39:51 GMT
etag: "1143c-5bd09ebc0d1d8-gzip"
vary: Accept-Encoding
x-azure-ref: 20240411T125007Z-164d799447d4rdsx4x5dwffyt000000001t000000000e6m2
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-cache: TCP_HIT
cache-control: public, max-age=2678400
x-fd-int-roxy-purgeid: 68564484
accept-ranges: bytes
content-length: 18846
expires: Thu, 11 Apr 2024 00:31:33 GMT

GET
H2 200 hotjar-630230.js Show response
static.hotjar.com/c/ 9 KB
4 KB 88ms
22ms Script
application/javascript 18.66.102.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-630230.js?sv=6

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-53.fra56.r.cloudfront.net

Software

Resource Hash

f4d733d851b4bde7961422306f9ca2cdb621a2ccd03290def9dcf0dedfa2c7b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 11 Apr 2024 12:49:47 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 20
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/07a3016862a9d8cfcfcc3efedc0be9f0
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: lB3Qb9HwmgbH3C48VNM-Wnf280kGJXjPanaBs_qdHk17AqQBi___jg==

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 78ms
26ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1141c528b4294728f07c80466f3c154e23c2d18ff4f6ab33bd653e2b9182fe16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 11 Apr 2024 12:50:07 GMT
content-md5: Hk9SYFo1LqRC8OqBSp64Kg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1326, tbw=2773, tp=-1, tpl=-1, uplat=4, ullat=-1
x-fb-debug: qz5A6Mvc1MKAZhRF+UuGIONJOPFRlodFzPjMEKbBir586MtTmMVLreFFlfqSCXxO1fsU1WV/Q3I3dzdkO3jkiQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 321e0c19b5d1e04bbe6bec02a0b12624
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "96bc3df79140eb72179fdaf552eebb56"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Thu, 11 Apr 2024 13:07:29 GMT

GET
H2 200 icon-search.png
www.railcard.co.uk/images/ 1 KB
3 KB 26ms
25ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/images/icon-search.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/css/style.css?v2024-01-22_15-02

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

d077b0d54b2b766d4aac41096daef8f55d4227e744d8a8ffc35ae6ea370788b5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/css/style.css?v2024-01-22_15-02
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 1156
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "484-5bbeaa0cbb780"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: BVFGZqzMZvilH0sziD3ZORnvOixoDGZxrVekHPCI9sI21ERvf9VwxQ==

GET
H2 200 railcard-finder-arrow-blue.png
www.railcard.co.uk/images/ 3 KB
4 KB 26ms
24ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/images/railcard-finder-arrow-blue.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/css/style.css?v2024-01-22_15-02

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

98606007af627011b2bbbe2b8cc702076c62c35f7bf3678599c2525b4e6923d7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/css/style.css?v2024-01-22_15-02
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 2562
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "a02-5bbeaa0cbb780"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: gy0LefASOQqjo6eEmQwP_r0RT7tXwQriPBPOx1X10ye_OebhsQVZ3A==

GET
H2 200 arrow-down-blue.png
www.railcard.co.uk/images/ 1 KB
3 KB 26ms
24ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/images/arrow-down-blue.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/css/style.css?v2024-01-22_15-02

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

9ecea7beaceed220c95ce98b8e2c07ea87639c2ab3ecbd7697e55b6f88dcd3c5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/css/style.css?v2024-01-22_15-02
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 1325
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "52d-5bbeaa0cbb780"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: rZT3XrvSwaJvWNwPaJ0vFNofHRA8U92vOJ3qsMiLrs0ubl97_9OCpg==

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 84ms
26ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,600,700,900%7COpen+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.railcard.co.uk
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Apr 2024 03:50:46 GMT
x-content-type-options: nosniff
age: 464361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Apr 2025 03:50:46 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 79ms
21ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,600,700,900%7COpen+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.railcard.co.uk
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Apr 2024 00:45:23 GMT
x-content-type-options: nosniff
age: 475484
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Apr 2025 00:45:23 GMT

GET
H2 200 RC-easter-campaign-hero.png
www.railcard.co.uk/clientfiles/images/hero_images/ 94 KB
95 KB 30ms
27ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/hero_images/RC-easter-campaign-hero.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

9c5a0bfa12ecb8af4d7cab024b02f4e4ab07a7903ff7c579b01ad5d6fc8ca2ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 13 Mar 2024 16:15:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 2493292
x-cache: Hit from cloudfront
content-length: 95755
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Mar 2024 16:12:07 GMT
server: Apache
etag: "1760b-6138d094d3c08"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: Lej3STmFycnOFYqtO9Z_B65uAR3v8y5_nZoE42QVADnrCUjejMru5A==

GET
H2 200 nr_16-25.png
www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/ 1 KB
3 KB 28ms
24ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/nr_16-25.png?v607715a5

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

fa79e09a3a9abc3c73b9a503b49fde2c775bb32242e16e011ef6ad811e46c6e5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 1498
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 10 Sep 2020 16:06:32 GMT
server: Apache
etag: "5da-5aef7c06bd200"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: 7IEYq39Tog6kfBYFMRISGQxtkw_CAYOyNL1hgA4_KTlVtEdYv4KeQg==

GET
H2 200 nr_senior.png
www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/ 1 KB
3 KB 29ms
25ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/nr_senior.png?v607715aa

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

b9cf6e79910021b6f19c573ab7d24196aecbbad710e25221fe550140983525b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 1531
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 10 Sep 2020 15:33:11 GMT
server: Apache
etag: "5fb-5aef74926fbc0"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: jXsy8-kHPIfXXQire8GiEdtNOljPL5Yrpt2mNdpg8n7vD0CYMNje5Q==

GET
H2 200 nr_ttrc.png
www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/ 1 KB
3 KB 38ms
35ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/nr_ttrc.png?v607715bd

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

7d6aec983395576fd5fcf9495a2c158ef18ae39ec7a0f16f48d4a87af2f10781

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 1534
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 10 Sep 2020 15:33:37 GMT
server: Apache
etag: "5fe-5aef74ab3b640"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: rFzo49hZqmVKp2wkygbEXUgclEvTzTnv_ohuNMWmGF-1L3VoVqOAIQ==

GET
H2 200 nr_dprc.png
www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/ 2 KB
3 KB 37ms
33ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/nr_dprc.png?v607715c3

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

c9831e3390502bc4d37249e29543d74b005c213759dbcb49ceea2785a063e872

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 1809
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 10 Sep 2020 16:06:05 GMT
server: Apache
etag: "711-5aef7becfd540"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: DQkKFPMM2Kcd9xI2acW96oqUsI8TNop-_2O_Bk42yzUdmuQFqEMs_A==

GET
H2 200 nr_26-30.png
www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/ 2 KB
3 KB 37ms
34ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/nr_26-30.png?v607715cb

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

c268f7fe327d270846eab42d5eadac7c8f1dff23b9e814f0a5252c0316acef73

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 1543
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 10 Sep 2020 15:31:37 GMT
server: Apache
etag: "607-5aef7438ca840"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: 875kjDbwQ-ZxJ9yuMUHYGxF9cp7XRkuqrPCPnVi043F6DnDKvhJ0Ag==

GET
H2 200 nr_ffrc.png
www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/ 2 KB
3 KB 41ms
38ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/nr_ffrc.png?v607715b1

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ec532fd6796d7e59e9cf5efbdef57c4e7761712750d99145550020ac0c7a5a23

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 1555
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 10 Sep 2020 15:32:08 GMT
server: Apache
etag: "613-5aef74565ae00"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: HMydEsw6f9awXC25K_royMpaGEYXUFv7YeOLPwp4erCtwfnVByLqrA==

GET
H2 200 nr_network.png
www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/ 1 KB
3 KB 39ms
36ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/nr_network.png?v607715d1

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

059d1519bceb8b78f432b78ff1877bcbe472d3958f00f67f65357d85b090996d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148784
x-cache: Hit from cloudfront
content-length: 1531
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 10 Sep 2020 15:32:35 GMT
server: Apache
etag: "5fb-5aef74701aac0"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: bgSlbd3YVC1jcX4stM82TaieDWXWJqc65pjVMS88cOWBVQXlvlX9ug==

GET
H2 200 16-17_logo.png
www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/ 14 KB
16 KB 38ms
35ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/16-17_logo.png?v607715d7

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

cd56e4d6e7a06541abdc2fab4cc26895fd0ce7bae3721219e6033fdf2396fc8b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148779
x-cache: Hit from cloudfront
content-length: 14205
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 28 Nov 2022 09:31:31 GMT
server: Apache
etag: "377d-5ee84895a5e40"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: k_OqAHG_PTS-2l1z91FV8cAzOnbUcQEvG-0LgwThGG9R5DTewtTh9w==

GET
H2 200 nr_veterans.png
www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/ 2 KB
3 KB 39ms
37ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/clientfiles/images/railcard_boxes/logos/nr_veterans.png?v607715b7

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

8fc70c702b054dc028af1b7349d7e389940bd96deba97c442dafaf182cf77473

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:50:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148779
x-cache: Hit from cloudfront
content-length: 1544
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 10 Sep 2020 15:34:12 GMT
server: Apache
etag: "608-5aef74cc9c500"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: jqtexiZczucna3oDST9OQBXD_x_8By8d5htUjC7q1exnpYGvOr_b7A==

GET
H2 200 chevron-down-solid.png
www.railcard.co.uk/images/ 2 KB
4 KB 40ms
37ms Image
image/png 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.railcard.co.uk/images/chevron-down-solid.png

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

12332dee21c4eb323b55fafe8dbea2e85d0392d159309c8b31d3d9b66004b678

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:55:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6148473
x-cache: Hit from cloudfront
content-length: 1986
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 01 Apr 2021 15:15:34 GMT
server: Apache
etag: "7c2-5beeab3ef9180"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: 3dAio2rzJ1o7FzRRGDO-xDoSUKn3_LPIMs7AO5Q5ObW6O02Om1W8YA==

POST
H2 200 / Show response
www.railcard.co.uk/ajax/facebook-capi/ 311 B
2 KB 281ms
281ms XHR
text/html 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/ajax/facebook-capi/

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/shared_files/clientscripts/jquery/jquery-3.7.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache / PHP/8.1.27

Resource Hash

a4001f8e5145459c2ba1891ef1e2783d3a9a2782e818e5e5a77d03f4ad8a1ad8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .google.com .visualwebsiteoptimizer.com .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .cookielaw.org .googlesyndication.com .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Referer: https://www.railcard.co.uk/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.google.com *.visualwebsiteoptimizer.com *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.cookielaw.org *.googlesyndication.com *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
content-encoding: gzip
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-powered-by: PHP/8.1.27
x-cache: Miss from cloudfront
content-length: 196
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
x-amz-cf-id: COQkzXfE7ISkNYSafTAlEMH-DAhDZ1sPfmaYnQhVeUs3mC1kLoUmrg==
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 99ms
39ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M78MVV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Pg1MHDpg+UGdovxhidM4Kg==
age: 76607
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6839
x-ms-lease-status: unlocked
last-modified: Mon, 08 Apr 2024 16:40:46 GMT
server: cloudflare
etag: 0x8DC57EAA3D7A62A
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f92bcc34-c01e-0042-6398-8a8003000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 872b19bb5ab3373c-FRA

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
143 B 112ms
111ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=250046&d=railcard.co.uk&u=D6DAB1C94F0F73D072B5F9068A23DAC69&h=1cf578040cd76e49bd54ad93717b87c4&t=false

Requested by

Host: www.railcard.co.uk
URL: https://www.railcard.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:06 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 305 KB
86 KB 49ms
24ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=3d793c3c543765f3bccd03cb3a9a743d

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e13459cc9814939bcc0d0c32f2a24fb696b049895fa5993fb7b6b4327219a5c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Origin: https://www.railcard.co.uk
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 11 Apr 2024 12:50:07 GMT
content-md5: dTFY2tiXWrq/rg6MzNWYFg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88178
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=22, rtx=0, c=23, mss=1232, tbw=4321, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug: Rts36S46aAAit6Rogru+ZkC1ht9IHeyBYhzatQk4oHMilAWJ6bl5/rWWa+HBBu95XEuCVK2pAgtNwFr/1JuMYg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 33812712955124fe1b86eeb31cc25d8d
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "ffceb4b05250e7323f465e5f1fbfc17f"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Fri, 11 Apr 2025 11:31:01 GMT

GET
H2 200 modules.429236d560f51d186b8b.js Show response
script.hotjar.com/ 221 KB
55 KB 81ms
25ms Script
application/javascript 13.32.27.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.429236d560f51d186b8b.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-630230.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-107.fra56.r.cloudfront.net

Software

Resource Hash

fa8cabe3021c19ba54e07d28a7722cd4bfdef39dea07207518113f7e161166bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 10:18:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 9928105291571d6cae52bcb916c898d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 527521
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55714
last-modified: Fri, 05 Apr 2024 10:17:11 GMT
etag: "f153d7cc62fba42a4a256996815cbb73"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 60gqmz3_7BOcpAPOszBUBT6TtN-vL25AkKAIuOI08kivtu3wifh4YQ==

POST
H2 200 / Show response
ots.webtrends-optimize.com/ots/ots/js-5.0/2467710/ 4 KB
3 KB 255ms
70ms XHR
text/javascript 20.54.140.8
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://ots.webtrends-optimize.com/ots/ots/js-5.0/2467710/
Requested by: Host: c.webtrends-optimize.com
URL: https://c.webtrends-optimize.com/acs/common/js/5.4/wt_lib.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.54.140.8 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 6cf5e54c11d9eae60b1d3d3d28bf9b1f1818314cf0ab70683793e3553e568633

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.railcard.co.uk
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-method: POST,OPTIONS
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 e9a86320-1913-4826-a6c4-a19b1518c7f0.json Show response
cdn.cookielaw.org/consent/e9a86320-1913-4826-a6c4-a19b1518c7f0/ 4 KB
2 KB 92ms
45ms XHR
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e9a86320-1913-4826-a6c4-a19b1518c7f0/e9a86320-1913-4826-a6c4-a19b1518c7f0.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb406fb33af2fea4c61d0a20b79c9d41e8a3ad4ec72a3e9adb2cdc473696249d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 11905
content-md5: ZEF+cBuT16gStgvKKLUv0Q==
content-length: 1515
x-ms-lease-status: unlocked
last-modified: Mon, 11 Mar 2024 12:16:50 GMT
server: cloudflare
etag: 0x8DC41C52138846C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 85542315-301e-000b-38ae-73c2e8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 872b19bbe8529bf2-FRA
expires: Fri, 12 Apr 2024 12:50:07 GMT

GET
H2 204 630230 Show response
vc.hotjar.io/sessions/ 0
232 B 120ms
52ms XHR
text/plain 18.66.112.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/630230?s=0.25&r=0.15492304766760756
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.429236d560f51d186b8b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-79.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Thu, 11 Apr 2024 12:50:07 GMT
cache-control: no-store
via: 1.1 07a6f7d6fd9710cbcfc60fa67d44f04e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: ddHR5snsDxvbgsIMtwjXAh4XNHDND-7cbimqLQqldcdxuGSK5OPpOA==
x-cache: Miss from cloudfront

GET
H2 200 favicon.ico
www.railcard.co.uk/ 1 KB
3 KB 25ms
24ms Other
image/vnd.microsoft.icon 2600:9000:214f:4200:f:6e6b:4bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.railcard.co.uk/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:4200:f:6e6b:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

eb359c78db8bd1947efef927f5ea66e409803fecfb742825d6e70ffab1247fb9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 08:46:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' *.azurewebsites.net *.webtrends-optimize.com *.onetrust.com *.luckyorange.com *.googlesyndication.com *.googleoptimize.com *.hotjar.io *.smct.co *.snapchat.com *.clicktripz.com *.hotjar.com *.quantcount.com *.bing.com *.cookielaw.org *.doubleclick.net *.tiktok.com *.google-analytics.com *.facebook.com https://*.eu-west-1.amazonaws.com *.smct.io https://smct.co ws:; frame-src 'self' *.google.com *.snapchat.com *.frase.io *.doubleclick.net *.adsrvr.org *.smct.io *.smct.co *.cloudfront.net *.facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' *.gstatic.com *.google.com *.webtrends-optimize.com *.roeyecdn.com *.luckyorange.com *.googleoptimize.com https://sc-static.net *.snapchat.com *.clicktripz.com *.bing.com *.quantserve.com *.quantcount.com *.adnxs.com *.visualwebsiteoptimizer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.frase.io *.hotjar.com *.cookielaw.org *.adsrvr.org *.uniqodo.com *.tiktok.com https://smct.co *.smct.co *.smct.io *.marketinghub.opentext.com *.dwin1.com *.googletagservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.awin1.com *.zenaps.com *.roeye.com *.gwallet.com *.googleoptimize.com *.daysoutguide.co.uk *.clicktripz.com *.railcard.co.uk https://railcard.qstest.zone *.railcard.co.uk.qs *.quantserve.com *.bing.com *.marketinghub.opentext.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.google.co.uk *.smct.io *.smct.co; font-src 'self' *.smct.co *.gstatic.com;
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 6149030
x-cache: Hit from cloudfront
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 22 Feb 2021 10:54:38 GMT
server: Apache
etag: "4dd-5bbeaa0cbb780"
x-frame-options: SAMEORIGIN
content-type: image/vnd.microsoft.icon
cache-control: max-age=15552000, public
permissions-policy: camera=(self), cross-origin-isolated=(self), geolocation=(), microphone=()
accept-ranges: bytes
x-amz-cf-id: 5VyPH2gMammv7evsFXjxS-pFOXhHyMh5q98hlv28hQZMCn10Im_dCQ==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/ 430 KB
105 KB 34ms
34ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e789e43937c7abc5959eba06825459f4e08e050ff9ea43ab8ec5a041a3e7558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5m3SVn9yaQSlRqLvlzjrBg==
age: 62916
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 106956
x-ms-lease-status: unlocked
last-modified: Mon, 04 Mar 2024 07:33:33 GMT
server: cloudflare
etag: 0x8DC3C1D6598CBF8
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: c5464b4d-e01e-0037-5c1c-6eeb2f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 872b19bc2b86373c-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/e9a86320-1913-4826-a6c4-a19b1518c7f0/018e0927-0fca-7c6d-af48-6797df059cdb/ 60 KB
16 KB 45ms
45ms Fetch
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e9a86320-1913-4826-a6c4-a19b1518c7f0/018e0927-0fca-7c6d-af48-6797df059cdb/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

877711b8f65253df133056e24498822b6f574d5aacdf81289c5ae1e124a81231

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 81020
content-md5: j8CahlvksKNhdPfl/n4usQ==
content-length: 16509
x-ms-lease-status: unlocked
last-modified: Mon, 11 Mar 2024 12:16:52 GMT
server: cloudflare
etag: 0x8DC41C522DB21C9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c91fbfd3-d01e-003c-74ae-731044000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 872b19bc99289bf2-FRA
expires: Fri, 12 Apr 2024 12:50:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 303 KB
100 KB 49ms
48ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-37VVL99SEK&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M78MVV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

39b469cdc30976d36f7a11b28db94724c4716f7b1fbc62af5cbdd9cbf5c777e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 102678
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 11 Apr 2024 12:50:07 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 210 KB
76 KB 38ms
37ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1060134057&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M78MVV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5899a77dd175be9abd8587e5baf1febe4200becb4a968a868f9af7ba46d3e6b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77930
x-xss-protection: 0
last-modified: Thu, 11 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 11 Apr 2024 12:50:07 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 209 KB
76 KB 43ms
43ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-974333275&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M78MVV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a14ddd84ab7de9e4d1fa2577d1a19c1c1c16015f4922a577cd66343c80becd75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77993
x-xss-protection: 0
last-modified: Thu, 11 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 11 Apr 2024 12:50:07 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 196 KB
71 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-4087088&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M78MVV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d8b64cab6468421b5fcb82d2d0456b3cafa8f098997edcc3a37bf8330de8fe49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72886
x-xss-protection: 0
last-modified: Thu, 11 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 11 Apr 2024 12:50:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 85ms
22ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M78MVV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 11 Apr 2024 11:38:42 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4285
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 11 Apr 2024 13:38:42 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 196 KB
71 KB 59ms
59ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-8341063&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M78MVV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0d2f56cc236ca14b506efcc7f2d00b3b8c8fd6e4199ad0860312420879e13a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72888
x-xss-protection: 0
last-modified: Thu, 11 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 11 Apr 2024 12:50:07 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 13 KB
3 KB 39ms
39ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: J2h618merDnrxos96K8Rfg==
age: 11905
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3041
x-ms-lease-status: unlocked
last-modified: Mon, 04 Mar 2024 07:33:26 GMT
server: cloudflare
etag: 0x8DC3C1D6130E74D
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0a4e86d1-e01e-008e-6243-6eef35000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 872b19bd098b9bf2-FRA

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/v2/ 63 KB
13 KB 46ms
46ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51dfbad7e1a227d3935016e5c4190e5e46e03daa4b249e5ded55f54235efbd7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cum224+VZtN2fQod9AfC0A==
age: 11905
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13599
x-ms-lease-status: unlocked
last-modified: Mon, 04 Mar 2024 07:33:28 GMT
server: cloudflare
etag: 0x8DC3C1D62BEEDFC
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3a8c439b-301e-00a2-3b43-6e039a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 872b19bd098d9bf2-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 21 KB
4 KB 39ms
39ms Fetch
text/css 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 32027
x-ms-lease-status: unlocked
last-modified: Mon, 04 Mar 2024 07:33:37 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: d9ab173b-d01e-0085-0743-6e145e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 872b19bd098e9bf2-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
489 B 39ms
39ms Fetch
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 32027
x-ms-lease-status: unlocked
last-modified: Thu, 11 Apr 2024 02:16:17 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 75161103-301e-0056-01c2-8bc86c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 872b19bd79f39bf2-FRA

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 36ms
35ms Image
image/png 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 76606
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Wed, 10 Apr 2024 01:51:01 GMT
server: cloudflare
etag: 0x8DC5900ACDEB77C
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 65ffb75c-c01e-001f-43f6-8a8a87000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 872b19bd8d12373c-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 35ms
35ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 11 Apr 2024 12:50:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 45166
x-ms-lease-status: unlocked
last-modified: Wed, 10 Apr 2024 06:44:17 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 87aea8f6-301e-0034-757a-8b0a4b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 872b19bd8d15373c-FRA

POST
H2 204 collect
region1.google-analytics.com/g/ 0
247 B 101ms
29ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-37VVL99SEK&gtm=45je4480v894827246z872807025za200&_p=1712839806842&gcs=G100&gcd=13p3p3p2p5&npa=1&dma_cps=-&dma=1&gdid=dYWJhMj&gtm_up=1&cid=1705045344.1712839808&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.122&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=denied&_s=1&sid=1712839807&sct=1&seg=0&dl=https%3A%2F%2Fwww.railcard.co.uk%2F&dt=Railcards%20%7C%20Digital%20Railcard%20and%20Prices%20%7C%20National%20Rail&en=page_view&_fv=1&_ss=1&ep.railcard=Portal&tfd=1947
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-37VVL99SEK&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 11 Apr 2024 12:50:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.railcard.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 24ms
23ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=1615246274&t=pageview&_s=1&dl=https%3A%2F%2Fwww.railcard.co.uk%2F&dp=%2F&ul=de-de&de=UTF-8&dt=Railcards%20%7C%20Digital%20Railcard%20and%20Prices%20%7C%20National%20Rail&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGAAiAABFAAAAAAAIk~&cid=1705045344.1712839808&tid=UA-42480698-12&_gid=1687888602.1712839808&gtm=45He44a0h2n71M78MVVv72807025za200&cg4=(not%20set)&cd13=20240411&gcs=G100&gcd=13p3p3p2p5&dma_cps=-&dma=1&npa=1&z=1570895220

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 10 Apr 2024 22:47:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50549
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 24ms
24ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=1615246274&t=pageview&_s=1&dl=https%3A%2F%2Fwww.railcard.co.uk%2F&dp=%2F&ul=de-de&de=UTF-8&dt=Railcards%20%7C%20Digital%20Railcard%20and%20Prices%20%7C%20National%20Rail&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGgAiAABFAAAAAAAIk~&cid=1705045344.1712839808&tid=UA-42480698-1&_gid=268230155.1712839808&gtm=45He44a0h2n71M78MVVv72807025za200&cg4=(not%20set)&cd13=20240411&gcs=G100&gcd=13p3p3p2p5&dma_cps=-&dma=1&npa=1&z=1944829898

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 10 Apr 2024 22:47:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50549
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

src=4087088;dc_pre=CMHn08KZuoUDFcYRogMd-kMKUA;type=retar329;cat=ret_r749;ord=5069946435881;npa=1;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CC...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=4087088;type=retar329;cat=ret_r749;ord=5069946435881;npa=1;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%...
https://ade.googlesyndication.com/ddm/activity/src=4087088;dc_pre=CMHn08KZuoUDFcYRogMd-kMKUA;type=retar329;cat=ret_r749;ord=5069946435881;npa=1;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3...

42 B
107 B

63ms
62ms

Image
image/gif

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=4087088;dc_pre=CMHn08KZuoUDFcYRogMd-kMKUA;type=retar329;cat=ret_r749;ord=5069946435881;npa=1;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.122;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;gtm=45fe4480z872807025za201;gcs=G100;gcd=13p3p3p2p5;dma_cps=-;dma=1;epver=2;~oref=https%3A%2F%2Fwww.railcard.co.uk%2F?

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.railcard.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Apr 2024 12:50:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 11 Apr 2024 12:50:08 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://ade.googlesyndication.com/ddm/activity/src=4087088;dc_pre=CMHn08KZuoUDFcYRogMd-kMKUA;type=retar329;cat=ret_r749;ord=5069946435881;npa=1;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.122;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;gtm=45fe4480z872807025za201;gcs=G100;gcd=13p3p3p2p5;dma_cps=-;dma=1;epver=2;~oref=https%3A%2F%2Fwww.railcard.co.uk%2F?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

src=8341063;dc_pre=CO3k08KZuoUDFUwdogMdHIoFCA;type=audie0;cat=msf_c0;ord=5589096365518;npa=1;u11=https%3A%2F%2Fwww.railcard.co.uk%2F;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=8341063;type=audie0;cat=msf_c0;ord=5589096365518;npa=1;u11=https%3A%2F%2Fwww.railcard.co.uk%2F;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome...
https://ade.googlesyndication.com/ddm/activity/src=8341063;dc_pre=CO3k08KZuoUDFUwdogMdHIoFCA;type=audie0;cat=msf_c0;ord=5589096365518;npa=1;u11=https%3A%2F%2Fwww.railcard.co.uk%2F;gdid=dYWJhMj;uaa=...

42 B
118 B

61ms
60ms

Image
image/gif

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=8341063;dc_pre=CO3k08KZuoUDFUwdogMdHIoFCA;type=audie0;cat=msf_c0;ord=5589096365518;npa=1;u11=https%3A%2F%2Fwww.railcard.co.uk%2F;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.122;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;gtm=45fe4480z872807025za201;gcs=G100;gcd=13p3p3p2p5;dma_cps=-;dma=1;epver=2;~oref=https%3A%2F%2Fwww.railcard.co.uk%2F?

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.railcard.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Apr 2024 12:50:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 11 Apr 2024 12:50:08 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://ade.googlesyndication.com/ddm/activity/src=8341063;dc_pre=CO3k08KZuoUDFUwdogMdHIoFCA;type=audie0;cat=msf_c0;ord=5589096365518;npa=1;u11=https%3A%2F%2Fwww.railcard.co.uk%2F;gdid=dYWJhMj;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.122%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.122;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=denied;gtm=45fe4480z872807025za201;gcs=G100;gcd=13p3p3p2p5;dma_cps=-;dma=1;epver=2;~oref=https%3A%2F%2Fwww.railcard.co.uk%2F?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
64 B 125ms
59ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=13p3p3p2p5&rnd=64664402.1712839808&url=https%3A%2F%2Fwww.railcard.co.uk%2F&dma_cps=-&dma=1&npa=1&gtm=45He44a0h2n71M78MVVv72807025za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M78MVV

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 11 Apr 2024 12:50:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 23ms
22ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=1615246274&t=timing&_s=2&dl=https%3A%2F%2Fwww.railcard.co.uk%2F&dp=%2F&ul=de-de&de=UTF-8&dt=Railcards%20%7C%20Digital%20Railcard%20and%20Prices%20%7C%20National%20Rail&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1087&pdt=1&dns=0&rrt=0&srt=327&tcp=58&dit=857&clt=857&_gst=1250&_gbt=1439&_u=aGgAiAABFAAAAAAAIk~&cid=1705045344.1712839808&tid=UA-42480698-12&_gid=1687888602.1712839808&gtm=45He44a0h2n71M78MVVv72807025za200&cg4=(not%20set)&cd13=20240411&gcs=G100&gcd=13p3p3p2p5&dma_cps=-&dma=1&npa=1&z=285102114

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 10 Apr 2024 22:47:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50549
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 23ms
22ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=1615246274&t=timing&_s=2&dl=https%3A%2F%2Fwww.railcard.co.uk%2F&dp=%2F&ul=de-de&de=UTF-8&dt=Railcards%20%7C%20Digital%20Railcard%20and%20Prices%20%7C%20National%20Rail&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1087&pdt=1&dns=0&rrt=0&srt=327&tcp=58&dit=857&clt=857&_gst=1250&_gbt=1439&_u=aGgAiAABFAAAAAAAIk~&cid=1705045344.1712839808&tid=UA-42480698-1&_gid=268230155.1712839808&gtm=45He44a0h2n71M78MVVv72807025za200&cg4=(not%20set)&cd13=20240411&gcs=G100&gcd=13p3p3p2p5&dma_cps=-&dma=1&npa=1&z=1102528173

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.railcard.co.uk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 10 Apr 2024 22:47:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50549
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ots.webtrends-optimize.com/ots	1969-12-31 23:59:59	Name: JSESSIONID Value: 990BB8DEC976FE09CFCDD01C980A03DD
.www.railcard.co.uk/	1969-12-31 23:59:59	Name: RAILCARD Value: pia60g11sqbka4kcsl8gu7iqo1
.railcard.co.uk/	1970-01-21 04:34:22	Name: _vwo_uuid_v2 Value: D6DAB1C94F0F73D072B5F9068A23DAC69\|1cf578040cd76e49bd54ad93717b87c4
.railcard.co.uk/	1970-01-21 04:32:55	Name: _hjSessionUser_630230 Value: eyJpZCI6ImM5NjY1ZmMyLWVjZGYtNWUzNC04MjQ5LTEwZDhjY2ZhODFjYSIsImNyZWF0ZWQiOjE3MTI4Mzk4MDczMzcsImV4aXN0aW5nIjpmYWxzZX0=
.railcard.co.uk/	1970-01-20 19:47:21	Name: _hjSession_630230 Value: eyJpZCI6ImNjNDRlYThlLWE5NTAtNDAyZC04Y2Q3LWEzZmIwNzA2MzQ0ZCIsImMiOjE3MTI4Mzk4MDczMzgsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
www.railcard.co.uk/	1970-01-20 19:57:24	Name: AWSALB Value: 6KoltURm1bU+mY27K8jkGghCXEk/rIpKTmqec8mjjw+OCa8T3BnVWn8JSJfoHWOuyu9pr//+Ru5Rd/CuU3piPKEd4cJHtWNblmaa7WBOk929e5D4vxnLmdoUn15R
www.railcard.co.uk/	1970-01-20 19:57:24	Name: AWSALBCORS Value: 6KoltURm1bU+mY27K8jkGghCXEk/rIpKTmqec8mjjw+OCa8T3BnVWn8JSJfoHWOuyu9pr//+Ru5Rd/CuU3piPKEd4cJHtWNblmaa7WBOk929e5D4vxnLmdoUn15R
.railcard.co.uk/	1969-12-31 23:59:59	Name: _wt.mode-2467710 Value: WT3dYz-eI8KGeY~
.railcard.co.uk/	1970-01-20 21:56:55	Name: _wt.user-2467710 Value: WT3pzSOeYLbtp1k1ZCqes_IOa0luvVjE2dEpp_yaUHCRSVPuI1Mf2K94vfi2RAVD1X91snoEl1vf-VwOn_IfE6908lNm4OzBn-Joiwr28iut9I~
.railcard.co.uk/	1970-01-21 04:32:55	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Apr+11+2024+14%3A50%3A07+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202402.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=de9f96e3-495f-4aa5-9d50-fa00e1838f10&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.railcard.co.uk%2F&groups=C0001%3A1%2CC0004%3A0%2CC0005%3A0%2CC0003%3A0%2CC0002%3A0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.railcard.co.uk/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' .google.com .visualwebsiteoptimizer.com .azurewebsites.net .webtrends-optimize.com .onetrust.com .luckyorange.com .googlesyndication.com .googleoptimize.com .hotjar.io .smct.co .snapchat.com .clicktripz.com .hotjar.com .quantcount.com .bing.com .cookielaw.org .doubleclick.net .tiktok.com .google-analytics.com .facebook.com https://.eu-west-1.amazonaws.com .smct.io https://smct.co ws:; frame-src 'self' .google.com .snapchat.com .frase.io .doubleclick.net .adsrvr.org .smct.io .smct.co .cloudfront.net .facebook.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' .gstatic.com .google.com .webtrends-optimize.com .roeyecdn.com .luckyorange.com .googleoptimize.com https://sc-static.net .snapchat.com .clicktripz.com .bing.com .quantserve.com .quantcount.com .adnxs.com .visualwebsiteoptimizer.com .facebook.net .googletagmanager.com .google-analytics.com .frase.io .hotjar.com .cookielaw.org .adsrvr.org .uniqodo.com .tiktok.com https://smct.co .smct.co .smct.io .marketinghub.opentext.com .dwin1.com .googletagservices.com .doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' .cookielaw.org .googlesyndication.com .awin1.com .zenaps.com .roeye.com .gwallet.com .googleoptimize.com .daysoutguide.co.uk .clicktripz.com .railcard.co.uk https://railcard.qstest.zone .railcard.co.uk.qs .quantserve.com .bing.com .marketinghub.opentext.com .doubleclick.net .visualwebsiteoptimizer.com .google-analytics.com .google.com .googletagmanager.com .facebook.com .google.co.uk .smct.io .smct.co; font-src 'self' .smct.co .gstatic.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
c.webtrends-optimize.com
cdn.cookielaw.org
connect.facebook.net
dev.visualwebsiteoptimizer.com
fonts.googleapis.com
fonts.gstatic.com
ots.webtrends-optimize.com
pagead2.googlesyndication.com
region1.google-analytics.com
script.hotjar.com
static.hotjar.com
vc.hotjar.io
www.google-analytics.com
www.googletagmanager.com
www.railcard.co.uk
13.107.246.67
13.32.27.107
142.250.185.66
18.66.102.53
18.66.112.79
20.54.140.8
2001:4860:4802:32::36
2600:9000:214f:4200:f:6e6b:4bc0:93a1
2606:4700::6813:b234
2a00:1450:4001:806::200e
2a00:1450:4001:80b::200a
2a00:1450:4001:810::2002
2a00:1450:4001:811::2003
2a00:1450:4001:831::2008
2a03:2880:f084:105:face:b00c:0:3
34.96.102.137
059d1519bceb8b78f432b78ff1877bcbe472d3958f00f67f65357d85b090996d
063d293db93cc2b01f361e449ebc8624bbbaf25bb025f561787b7043e45893fb
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0d2f56cc236ca14b506efcc7f2d00b3b8c8fd6e4199ad0860312420879e13a70
0f28f8ef3c65ede1c3171b6e44188fca93e15b53d362d0bbb9a22c93d3f73fdd
1141c528b4294728f07c80466f3c154e23c2d18ff4f6ab33bd653e2b9182fe16
12332dee21c4eb323b55fafe8dbea2e85d0392d159309c8b31d3d9b66004b678
1f672e387d66697b419d99b5478f8763a7ce6efc23744c909e34cfff22c112e8
249f5da01a64c4809b00baa1f828e663e91a52268689c84332b5157ee96ee1a9
261f866e9086a3c65cd336636a04bf9b07a137a4f5f31c2640a75277706131c4
2e789e43937c7abc5959eba06825459f4e08e050ff9ea43ab8ec5a041a3e7558
35c69b62c449de910d8881d17c7768be9ad2add2d1ade8331249cbdbd7778087
39b469cdc30976d36f7a11b28db94724c4716f7b1fbc62af5cbdd9cbf5c777e8
51dfbad7e1a227d3935016e5c4190e5e46e03daa4b249e5ded55f54235efbd7a
52bf76788a74adae05d7df31866aab58cca218df49a9e8d2f729f9f3f8935167
52f1233839cfff18a68a8d0f2829e687b7a90160340fd400abd4852e6e9744b8
55f1919a1b0079338dca307fe0f58c6614b755007f20535eacd425e18b5e7fc3
5899a77dd175be9abd8587e5baf1febe4200becb4a968a868f9af7ba46d3e6b5
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
61326030078c85bdcf796d2fea9d42da7ac31c372d578c2477f1e0b871d131c0
665c7a756cf287ab25f816844f862ef0d7b40b6814155753fedeac05b2838502
682a85f055e9a29d54443d05a1f818e58a98b8a63f647cde307b123675e389de
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6c2df53da3e3b33ed17a5110b271a40c6a7ab692962572ee990a6e78c4205870
6cf5e54c11d9eae60b1d3d3d28bf9b1f1818314cf0ab70683793e3553e568633
6d7862bf800a2eaef0667730a77ae413a5f636c2779304c95089b886edfc4023
7d6aec983395576fd5fcf9495a2c158ef18ae39ec7a0f16f48d4a87af2f10781
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
877711b8f65253df133056e24498822b6f574d5aacdf81289c5ae1e124a81231
89ee2ab509e3c2cc072fe273d7b6b2306e54ef9cce97084cc33340da80a4413c
89f7f501a58575cab50a36a9d89ffae0804db9d7d33c8ae14f0d1f838464b737
8fc70c702b054dc028af1b7349d7e389940bd96deba97c442dafaf182cf77473
9255da877744044190c59123d34ee16085edd915857e368fb03c890e0fcf895b
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
98606007af627011b2bbbe2b8cc702076c62c35f7bf3678599c2525b4e6923d7
9b8dafd4bfea3e3a76848764a28777992445a4efdd9b6d94983b160294af087b
9c5a0bfa12ecb8af4d7cab024b02f4e4ab07a7903ff7c579b01ad5d6fc8ca2ab
9ecea7beaceed220c95ce98b8e2c07ea87639c2ab3ecbd7697e55b6f88dcd3c5
a09ab398326cf3cee987abcd5c83ff221f4f9e0a016914d24e203f50db526f4f
a14ddd84ab7de9e4d1fa2577d1a19c1c1c16015f4922a577cd66343c80becd75
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a4001f8e5145459c2ba1891ef1e2783d3a9a2782e818e5e5a77d03f4ad8a1ad8
a70b993e6415ddfd66ea6ee209e3ab2fa3f88b0d3e4329aec59cffedf2c32db6
b5fd726918691c8a36c67fa0a25a539f5fa2ab0a8920b89f7f7eba073b600ed1
b9cf6e79910021b6f19c573ab7d24196aecbbad710e25221fe550140983525b3
bf46e10b01206575bb37935fd42d160a93732b3e1633d25b935c13989e6f4e54
c268f7fe327d270846eab42d5eadac7c8f1dff23b9e814f0a5252c0316acef73
c31442b879547832b4be9f1f303f602fded56ccc26d3e738da25ac00ea72e5be
c9831e3390502bc4d37249e29543d74b005c213759dbcb49ceea2785a063e872
cd56e4d6e7a06541abdc2fab4cc26895fd0ce7bae3721219e6033fdf2396fc8b
ceba1252151d6c4f3a9f8358be9dd0fc24c354fa079347ef68770b391d4157ff
cfd886a01f6af8332fc28434bfeb5fb5c29e3417d31b0f8d52c1fd60bafafba8
d077b0d54b2b766d4aac41096daef8f55d4227e744d8a8ffc35ae6ea370788b5
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d85cae719ddf5689fa2ebefcfb9b4ac8296ecd3029b32e4a68004d70427da7e1
d8b64cab6468421b5fcb82d2d0456b3cafa8f098997edcc3a37bf8330de8fe49
db2868fc186004df16aa32817e55fef623c100e1a9709d4f34f9bfb9902ec5cb
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de84e4bb21e1ae8163dd8707a87f30eabec808ba086f3ab391e2c86f6b597899
e13459cc9814939bcc0d0c32f2a24fb696b049895fa5993fb7b6b4327219a5c8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e688ad0c9db2eb2cf61095061809d0b66bb129ab5fbcfeeb47c24802b55bc4da
eb359c78db8bd1947efef927f5ea66e409803fecfb742825d6e70ffab1247fb9
eb406fb33af2fea4c61d0a20b79c9d41e8a3ad4ec72a3e9adb2cdc473696249d
ec532fd6796d7e59e9cf5efbdef57c4e7761712750d99145550020ac0c7a5a23
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
f4d733d851b4bde7961422306f9ca2cdb621a2ccd03290def9dcf0dedfa2c7b7
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7ee80bc0a4cad4a98425f6635027275e88ae0b4f4ca6b0e244ab300aebe0006
fa79e09a3a9abc3c73b9a503b49fde2c775bb32242e16e011ef6ad811e46c6e5
fa8cabe3021c19ba54e07d28a7722cd4bfdef39dea07207518113f7e161166bb
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

www.railcard.co.uk Open in urlscan Pro 2600:9000:214f:4200:f:6e6b:4bc0:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

83 Requests

98 %HTTPS

56 %IPv6

12 Domains

16 Subdomains

16 IPs

3 Countries

1340 kBTransfer

3818 kBSize

10 Cookies

16 Outgoing links

Redirected requests

83 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.railcard.co.uk Open in urlscan Pro
2600:9000:214f:4200:f:6e6b:4bc0:93a1 Public Scan

Screenshot
Live screenshot

Full Image

83
Requests

98 %
HTTPS

56 %
IPv6

12
Domains

16
Subdomains

16
IPs

3
Countries

1340 kB
Transfer

3818 kB
Size

10
Cookies

83 HTTP transactions
0 data transactions