urlscan.io logo urlscan.io
SecurityTrails logo

portalapl.csr24.co.uk Open in urlscan Pro
209.15.27.149  Public Scan

Go To Rescan Add Verdict Report
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Submission: On May 28 via api from US — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 209.15.27.149, located in Havant, United Kingdom and belongs to APPLIEDUK-CLOUD-04, US. The main domain is portalapl.csr24.co.uk.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on November 20th 2022. Valid for: 7 months.
This is the only time portalapl.csr24.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 209.15.27.149 4892 (APPLIEDUK...)
13 1
Apex Domain
Subdomains		 Transfer
13 csr24.co.uk
portalapl.csr24.co.uk
913 KB
13 1
Domain Requested by
13 portalapl.csr24.co.uk portalapl.csr24.co.uk
13 1

This site contains links to these domains. Also see Links.

Domain
www.aplan.co.uk
blog.aplan.co.uk
Subject Issuer Validity Valid
*.csr24.co.uk
GlobalSign RSA OV SSL CA 2018		 2022-11-20 -
2023-07-02		 7 months crt.sh

This page contains 1 frames:

Primary Page: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Frame ID: 91BC0E3DA0049FCAA2269AC8C8E58ACC
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

A Plan Holdings

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

913 kB
Transfer

992 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
portalapl.csr24.co.uk/mvc/ 		8 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
8a3691340909bcd9356c03d1376f93589b367c2b12a69f44187d1e62a1362c26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
private,no-cache, no-store
Content-Length
7708
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
text/html; charset=utf-8
Date
Sun, 28 May 2023 07:17:47 GMT
Expires
0
Pragma
no-cache
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
superfish.css
portalapl.csr24.co.uk/mvc/Content/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/Content/superfish.css
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
fbc6eb75cca4a9f2726ecfd958d744ec0fcaedf6887abfb0ce625ffe35c87921
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sat, 28 Aug 2021 00:07:44 GMT
ETag
"08880b9a09bd71:0"
Vary
Accept-Encoding
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
text/css
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
1025
X-XSS-Protection
1; mode=block
Expires
0
Login_2020.css
portalapl.csr24.co.uk/mvc/Content/ 		6 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/Content/Login_2020.css
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
ea6e769030700c70f77ee6792671dd93d9fc4e40f7389c788918e737c819c4d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 29 Nov 2021 10:50:44 GMT
ETag
"01a64f5ee5d71:0"
Vary
Accept-Encoding
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
text/css
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
1515
X-XSS-Protection
1; mode=block
Expires
0
Login_2021.css
portalapl.csr24.co.uk/mvc/Content/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/Content/Login_2021.css
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
e1bf405d7688f2b0597bb5ef1154843e08b87c191fc0da0126910fd9244d2797
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 01 Dec 2021 08:32:22 GMT
ETag
"0efd6f58de6d71:0"
Vary
Accept-Encoding
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
text/css
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
1113
X-XSS-Protection
1; mode=block
Expires
0
StyleSheet_2021.css
portalapl.csr24.co.uk/mvc/Content/Insured/ 		15 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/Content/Insured/StyleSheet_2021.css?1
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
c5a6d7701509f70be8b5242e08fc2e5f8452f82983a5ea3bb5b2a0506f1a5b6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 01 Dec 2021 08:32:22 GMT
ETag
"0efd6f58de6d71:0"
Vary
Accept-Encoding
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
text/css
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
3493
X-XSS-Protection
1; mode=block
Expires
0
jquery-3.2.1.min.js
portalapl.csr24.co.uk/mvc/Scripts/ 		85 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/Scripts/jquery-3.2.1.min.js
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sat, 28 Aug 2021 00:03:00 GMT
ETag
"0923910a09bd71:0"
Vary
Accept-Encoding
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
30230
X-XSS-Protection
1; mode=block
Expires
0
jquery-migrate-3.0.1.min.js
portalapl.csr24.co.uk/mvc/Scripts/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/Scripts/jquery-migrate-3.0.1.min.js
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
1589fc7479100b06d2da4d7457313104228fb0403aa9129e269306667df52039
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sat, 28 Aug 2021 00:03:00 GMT
ETag
"0923910a09bd71:0"
Vary
Accept-Encoding
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
3498
X-XSS-Protection
1; mode=block
Expires
0
jquery.placeholder.js
portalapl.csr24.co.uk/mvc/Scripts/ 		651 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/Scripts/jquery.placeholder.js
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
accc9562ef4013f338211e9dd3c5089956470e0c2997978a96783cb08e942291
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 28 Aug 2021 00:03:00 GMT
ETag
"0923910a09bd71:0"
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
651
X-XSS-Protection
1; mode=block
Expires
0
superfish.js
portalapl.csr24.co.uk/mvc/Scripts/Shared/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/Scripts/Shared/superfish.js
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
0426802f1386818022cdd44053713ac6cb1f772f133c2d4c0108ce81b1f094b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sat, 28 Aug 2021 00:03:14 GMT
ETag
"0cd9118a09bd71:0"
Vary
Accept-Encoding
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
2354
X-XSS-Protection
1; mode=block
Expires
0
svg4everybody.js
portalapl.csr24.co.uk/mvc/Scripts/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portalapl.csr24.co.uk/mvc/Scripts/svg4everybody.js
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
4eb0ee251cdee2eac80de870f7f40058d66694f273c567d5809561c44b21ea9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sat, 28 Aug 2021 00:07:44 GMT
ETag
"08880b9a09bd71:0"
Vary
Accept-Encoding
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
1976
X-XSS-Protection
1; mode=block
Expires
0
logo_en.png
portalapl.csr24.co.uk/users/400220544/images/ 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portalapl.csr24.co.uk/users/400220544/images/logo_en.png
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
Microsoft-IIS/10.0 /
Resource Hash
fb28a778edc34497ef3a3b4704ae398132ea8739211bd1c7a108969ff4bab03c

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Last-Modified
Mon, 17 Jan 2022 15:32:37 GMT
Server
Microsoft-IIS/10.0
ETag
"73bcf874b7bd81:0"
Content-Type
image/png
p3p
CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store
Accept-Ranges
bytes
Content-Length
41084
Expires
0
loginAd278174750_en-GB.PNG
portalapl.csr24.co.uk/users/400220544/images/ 		806 KB
806 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portalapl.csr24.co.uk/users/400220544/images/loginAd278174750_en-GB.PNG
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
Microsoft-IIS/10.0 /
Resource Hash
abdd127e05659642cad8768c1a5d3307837b97f7c7eede54947082b547cdbb56

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/?Success=https://portalapl.csr24.co.uk/mvc/policy/search?Url=/mvc/policy/display
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
Last-Modified
Fri, 03 Apr 2020 15:50:13 GMT
Server
Microsoft-IIS/10.0
ETag
"35bd990cf9d61:0"
Content-Type
image/png
p3p
CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store
Accept-Ranges
bytes
Content-Length
825104
Expires
0
DropDown.png
portalapl.csr24.co.uk/mvc/Content/Images/ 		372 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portalapl.csr24.co.uk/mvc/Content/Images/DropDown.png
Requested by
Host: portalapl.csr24.co.uk
URL: https://portalapl.csr24.co.uk/mvc/Content/superfish.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.15.27.149 Havant, United Kingdom, ASN4892 (APPLIEDUK-CLOUD-04, US),
Reverse DNS
wpt01.csr24.co.uk
Software
/
Resource Hash
67cfccaa0623389b3890c3661790e2a59f716fe10e10d8d2726b5518759d5482
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://portalapl.csr24.co.uk/mvc/Content/superfish.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 28 May 2023 07:17:47 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Aug 2021 23:44:42 GMT
ETag
"011c4819d9bd71:0"
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.csr24.com *.chatra.io https://cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.intercom.io *.intercomcdn.com *.twitter.com *.twimg.com *.purechat.com *.purechatcdn.com *.livechatinc.com *.smooch.io www.snapengage.com *.jquery.com *.fontawesome.com *.intercom.io *.gstatic.com *.providesupport.com *.liveperson.net *.clickdesk.com https://cdn.jsdelivr.net *.amplitude.com *.force.com *.salesforce.com *.salesforceliveagent.com *.appliedsystems.com ; frame-src 'self' *.facebook.com *.twitter.com *.csr24.com *.salesforce.com service.force.com https://apl.csr24.co.uk https://secure.payconex.net https://api.epaypolicy.com https://pay.realexpayments.com https://live.sagepay.com https://payments.worldnettps.com; report-uri /mvc/Logging/ContentSecurityPolicy
Content-Type
image/png
Cache-Control
public, max-age=86400
Accept-Ranges
bytes
Content-Length
372
X-XSS-Protection
1; mode=block
Expires
0

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery function| svg4everybody function| ToggleLoginOptions

1 Cookies

Domain/Path Name / Value
portalapl.csr24.co.uk/ Name: __RequestVerificationToken_L212Yw2
Value: X5ULEFmF_1I_1X45DU_TsBSIySRdeqHVfSbLzWzLTiPFSmrjM-kze99Bo33f82tivFtZaK8s72TvV5sAu6H3gtvxo8u_wI42dAeprBvoxPw1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block