photocard.tfl.gov.uk Open in urlscan Pro
104.16.97.104 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://photocard.tfl.gov.uk/
Effective URL:
https://photocard.tfl.gov.uk/
Submission: On April 23 via manual (April 23rd 2024, 11:56:40 pm UTC) from GB — Scanned from GB

Summary HTTP 16 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 104.16.97.104, located in and belongs to CLOUDFLARENET, US. The main domain is photocard.tfl.gov.uk.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 10th 2023. Valid for: a year.

This is the only time photocard.tfl.gov.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	104.16.97.104 104.16.97.104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.98.104 104.16.98.104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:170... 2a02:26f0:1700:11::b856:6785	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:350... 2a02:26f0:3500:886::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
16	5

11 104.16.97.104 (None, )

ASN13335 (CLOUDFLARENET, US)

photocard.tfl.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.98.104 (None, )

ASN13335 (CLOUDFLARENET, US)

photocard-api.tfl.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:1700:11::b856:6785 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:886::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	tfl.gov.uk photocard.tfl.gov.uk photocard-api.tfl.gov.uk — Cisco Umbrella Rank: 766416	1 MB
3	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4106 consentcdn.cookiebot.com — Cisco Umbrella Rank: 4796	129 KB
16	2

	Domain	Requested by
11	photocard.tfl.gov.uk	photocard.tfl.gov.uk
2	consent.cookiebot.com	photocard.tfl.gov.uk consent.cookiebot.com
2	photocard-api.tfl.gov.uk	photocard.tfl.gov.uk
1	consentcdn.cookiebot.com	consent.cookiebot.com
16	4

This site contains links to these domains. Also see Links.

Domain
tfl.gov.uk

Subject Issuer	Validity	Valid
tfl.gov.uk Cloudflare Inc ECC CA-3	`2023-10-10` - `2024-10-09`	a year	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-28` - `2025-02-27`	a year	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-02-26`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://photocard.tfl.gov.uk/
Frame ID: 03E0BBBFD46909C9D9F84BCB942CAE66
Requests: 16 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: D92FD794352F735ECC083A5A52D14752
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in | Transport for London

Page URL History Show full URLs

http://photocard.tfl.gov.uk/ HTTP 307
https://photocard.tfl.gov.uk/ Page URL

Detected technologies

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Page Statistics

16
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

4
Subdomains

5
IPs

2
Countries

1191 kB
Transfer

4421 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://tfl.gov.uk/corporate/privacy-and-cookies/cookies
Title: Find out more about our cookies and how to manage your settings

Search URL Search Domain Scan URL

URL: https://tfl.gov.uk/help-and-contact/
Title: Contact us

Search URL Search Domain Scan URL

URL: https://tfl.gov.uk/corporate/terms-and-conditions/
Title: Terms & conditions

Search URL Search Domain Scan URL

URL: https://tfl.gov.uk/corporate/privacy-and-cookies/
Title: Privacy & cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://photocard.tfl.gov.uk/ HTTP 307
https://photocard.tfl.gov.uk/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
photocard.tfl.gov.uk/
Redirect Chain

http://photocard.tfl.gov.uk/
https://photocard.tfl.gov.uk/

10 KB
5 KB

213ms
114ms

Document
text/html

104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9ab56783bcea07a7ebac7b17b41ada901cd6c92324c2454d814328653aeb50c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8791ca81db78dd64-LHR
content-encoding: gzip
content-type: text/html
date: Tue, 23 Apr 2024 23:56:35 GMT
last-modified: Fri, 05 Jan 2024 10:57:04 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Location: https://photocard.tfl.gov.uk/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 rSUs7emVimrui1kJk7ctnzLrlfo.js Show response
photocard.tfl.gov.uk/cdn-cgi/apps/head/ 5 KB
2 KB 66ms
65ms Script
application/javascript 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/cdn-cgi/apps/head/rSUs7emVimrui1kJk7ctnzLrlfo.js

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2609de6d0eb3622600b4c5881ef6bb328596b8956445cad857be43e06d1ed6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:35 GMT
content-encoding: gzip
x-amz-version-id: IvtdDU5tFmbAt1WnylLC1OcHZQzklpmC
cf-cache-status: HIT
strict-transport-security: max-age=31536000
x-amz-request-id: CZW3X5PYDSXX9FC8
age: 1125958
content-length: 1582
x-amz-id-2: LrPWEc2J4PGddeSIMeAt0+sHHignBK9YWB+kKE5tcUhqMe1YPX6dhhC89O9NhD5GH8pH5tGTLHw=
last-modified: Tue, 27 Nov 2018 12:27:22 GMT
server: cloudflare
etag: "543ebc9b360887261064c10e3e8d7574"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8791ca829c60dd64-LHR

GET
H2 200 semantic.min.387c5700.css
photocard.tfl.gov.uk/static/css/ 454 KB
72 KB 80ms
79ms Stylesheet
text/css 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/static/css/semantic.min.387c5700.css

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d018fa4775d3487b7814ecb37ac0cc2670af8bdad964906f9eb794447aa2c0f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:35 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 331
cf-polished: origSize=465358
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
last-modified: Fri, 05 Jan 2024 10:57:04 GMT
server: cloudflare
etag: W/"6597e080-719ce"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cf-ray: 8791ca829c57dd64-LHR

GET
H2 200 styles.min.955c52d9.css
photocard.tfl.gov.uk/static/css/ 16 KB
4 KB 64ms
64ms Stylesheet
text/css 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/static/css/styles.min.955c52d9.css

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69d9bf655b2bb41ec55107769abb4f8fb9c26f1240efbab9094672614ddab387

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:35 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5207
cf-polished: origSize=16410
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
last-modified: Fri, 05 Jan 2024 10:57:04 GMT
server: cloudflare
etag: W/"6597e080-401a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cf-ray: 8791ca829c5cdd64-LHR

GET
H2 200 WpKF0Tdo9EZZ1RX5MARAhGi2xsM.js Show response
photocard.tfl.gov.uk/cdn-cgi/apps/body/ 8 KB
3 KB 62ms
61ms Script
application/javascript 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/cdn-cgi/apps/body/WpKF0Tdo9EZZ1RX5MARAhGi2xsM.js

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/cdn-cgi/apps/head/rSUs7emVimrui1kJk7ctnzLrlfo.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

550f8afd5345b201934753f86b132b938d58be46ca90b5af43b911712bdf554d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:35 GMT
content-encoding: gzip
x-amz-version-id: hGRgBv6273gpGrtrV2r9a929tuhXRXir
cf-cache-status: HIT
strict-transport-security: max-age=31536000
x-amz-request-id: 1HTZ5T5YZWDZXSWM
age: 1125975
content-length: 3194
x-amz-id-2: zbciQayTuYySJSzZApJBdAmaW0Sh+IfKSxUjhfpMbymYmdIOGYGgrvym74VWeNGkr+xf8UI/Z6c=
last-modified: Tue, 27 Nov 2018 12:27:21 GMT
server: cloudflare
etag: "c6056f996bf18d3eda7fab9f77e4ad7e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8791ca830cfcdd64-LHR

GET
H2 200 vendor-bundle-423bd95d66.js Show response
photocard.tfl.gov.uk/scripts/ 2 MB
649 KB 69ms
68ms Script
application/javascript 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/scripts/vendor-bundle-423bd95d66.js

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3025982645ab14efd6da9a625248a204b01c3684a7931181c1e09482a0b55f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 05 Jan 2024 10:57:04 GMT
server: cloudflare
cf-cache-status: HIT
age: 6586
etag: W/"6597e080-2790ee"
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 8791ca831d16dd64-LHR
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 3 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ead9d662556a3bcfddaccb89f85f4877a8c2cd7b8aabc4400aa69fc839ddf2f0

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H2 200 opensans-regular.woff
photocard.tfl.gov.uk/static/fonts/ 97 KB
97 KB 74ms
73ms Font
font/woff 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/static/fonts/opensans-regular.woff

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/static/css/semantic.min.387c5700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cb1a51b7c4a81e44fe7ccf497c204e99cf3b3f7ed6b3aa8ac0c8e68def62ebc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM *

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/static/css/semantic.min.387c5700.css
Origin: https://photocard.tfl.gov.uk
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:35 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1125976
content-length: 99416
last-modified: Fri, 05 Jan 2024 10:57:04 GMT
server: cloudflare
etag: "6597e080-18458"
x-frame-options: ALLOW-FROM *
access-control-allow-methods: GET, POST, OPTIONS
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=2592000, public
access-control-allow-credentials: true
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8791ca839d8ddd64-LHR
expires: Fri, 10 May 2024 23:10:19 GMT

GET
H2 200 favicon.ico
photocard.tfl.gov.uk/static/images/favicon/ 318 B
217 B 101ms
101ms Other
image/x-icon 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/static/images/favicon/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6cf30502863cb5dc8c752c6c80079102fd946fce159219871dc9c94c926d420

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:36 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 05 Jan 2024 10:57:04 GMT
server: cloudflare
cf-cache-status: HIT
age: 6199
etag: W/"6597e080-13e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/x-icon
content-encoding: gzip
cf-ray: 8791ca852eccdd64-LHR
x-xss-protection: 1; mode=block

GET
H2 200 app-bundle-ed616d7db5.js Show response
photocard.tfl.gov.uk/scripts/ 723 KB
158 KB 68ms
68ms Script
application/javascript 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/scripts/app-bundle-ed616d7db5.js

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/scripts/vendor-bundle-423bd95d66.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d50de6e6d42881c5cdecc3b8509b4c212cdbd1bf7e476d0f12c485950864924

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 05 Jan 2024 10:57:04 GMT
server: cloudflare
cf-cache-status: HIT
age: 691
etag: W/"6597e080-b4cd0"
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 8791ca852ecedd64-LHR
x-xss-protection: 1; mode=block

GET
H2 200 configuration Show response
photocard-api.tfl.gov.uk/v1/ 80 KB
18 KB 92ms
92ms Fetch
application/json 104.16.98.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard-api.tfl.gov.uk/v1/configuration?filter=domainAddress:eq:photocard.tfl.gov.uk

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/scripts/vendor-bundle-423bd95d66.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.98.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa4c102cf2d16056acc31880669c02aaaac6d05a4d0f5d2af4533c28c04469b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Tenant-Scheme-Name
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Novacroft-Tenant-ID
Novacroft-Global-Transaction-Reference: 0b7f93b9-71b3-49af-a64b-1b2a0036f92e
Referer: https://photocard.tfl.gov.uk/
Novacroft-Security-Token
Novacroft-Web-Account-ID
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:36 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:502170f0-7957-412e-a541-f71c5bcbe69c
pragma: no-cache
server: cloudflare
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: https://photocard.tfl.gov.uk
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 8791ca883968769b-LHR
expires: 0

OPTIONS
H2 200 configuration
photocard-api.tfl.gov.uk/v1/ Frame 0
0 284ms
108ms Preflight 104.16.98.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard-api.tfl.gov.uk/v1/configuration?filter=domainAddress:eq:photocard.tfl.gov.uk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.98.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: novacroft-global-transaction-reference,novacroft-security-token,novacroft-tenant-id,novacroft-web-account-id,tenant-scheme-name
Access-Control-Request-Method: GET
Origin: https://photocard.tfl.gov.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: novacroft-global-transaction-reference, novacroft-security-token, novacroft-tenant-id, novacroft-web-account-id, tenant-scheme-name
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT,DELETE
access-control-allow-origin: https://photocard.tfl.gov.uk
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8791ca87792c769b-LHR
content-length: 0
date: Tue, 23 Apr 2024 23:56:36 GMT
expires: 0
pragma: no-cache
request-context: appId=cid-v1:502170f0-7957-412e-a541-f71c5bcbe69c
server: cloudflare
strict-transport-security: max-age=31536000
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 109 KB
34 KB 232ms
59ms Script
application/javascript 2a02:26f0:1700:11::b856:6785
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/scripts/app-bundle-ed616d7db5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6dec01698bd7318ccee3dae6e824f02ff358d309dbe5a97f21b70a726c903421

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date: Tue, 23 Apr 2024 23:56:36 GMT
content-encoding: gzip
last-modified: Mon, 15 Apr 2024 08:18:48 GMT
etag: "9a398f8ad8fda1:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=1006
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 34251
expires: Wed, 24 Apr 2024 00:13:22 GMT

GET
DATA 200
OK truncated
/ 474 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ac7f1404f759722e75f4221e8903e8c48f9a199b8c57357e1e6e1b0f5060051

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Johnston100W03-Light.woff
photocard.tfl.gov.uk/static/fonts/ 26 KB
26 KB 67ms
66ms Font
font/woff 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/static/fonts/Johnston100W03-Light.woff

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/static/css/semantic.min.387c5700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

365ca20d680d00e6bf86cf0e93197e9f9cc28c0030714387389ae9d8f8b78114

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM *

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/static/css/semantic.min.387c5700.css
Origin: https://photocard.tfl.gov.uk
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:36 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1125971
content-length: 26530
last-modified: Fri, 05 Jan 2024 10:57:04 GMT
server: cloudflare
etag: "6597e080-67a2"
x-frame-options: ALLOW-FROM *
access-control-allow-methods: GET, POST, OPTIONS
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=2592000, public
access-control-allow-credentials: true
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8791ca89da33dd64-LHR
expires: Fri, 10 May 2024 23:10:25 GMT

GET
H2 200 Johnston100W03-Regular.woff
photocard.tfl.gov.uk/static/fonts/ 25 KB
26 KB 76ms
75ms Font
font/woff 104.16.97.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://photocard.tfl.gov.uk/static/fonts/Johnston100W03-Regular.woff

Requested by

Host: photocard.tfl.gov.uk
URL: https://photocard.tfl.gov.uk/static/css/semantic.min.387c5700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.97.104 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d5de822bc5436677776a769cd303c4a3358408dee5d2a4ea349bb183a9afd71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM *

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/static/css/semantic.min.387c5700.css
Origin: https://photocard.tfl.gov.uk
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:36 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1125971
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=CHytaXBJn7thPVaI8KoVFIX6fX4Q6A9RZbBhh_DOWME-1713916596-1.0.1.1-y5Fpy84xKW0qn0SjiO9n_3PdkhOd_Qq3ryqP0kEo0tmQz1fAo37eN8x0IJAG5Y1fLiI3x0miCgRXq.LM4aj.goYh9TjqOOAjwHcxDHekI3O_304mVfJ5w1RkXpXxxhpw273oIBPynWmFNlItWT13XumlF5UqpIdVGs1MpNnzG8k; report-to cf-csp-endpoint
content-length: 25556
last-modified: Fri, 05 Jan 2024 10:57:04 GMT
server: cloudflare
etag: "6597e080-63d4"
x-frame-options: ALLOW-FROM *
access-control-allow-methods: GET, POST, OPTIONS
content-type: font/woff
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=CHytaXBJn7thPVaI8KoVFIX6fX4Q6A9RZbBhh_DOWME-1713916596-1.0.1.1-y5Fpy84xKW0qn0SjiO9n_3PdkhOd_Qq3ryqP0kEo0tmQz1fAo37eN8x0IJAG5Y1fLiI3x0miCgRXq.LM4aj.goYh9TjqOOAjwHcxDHekI3O_304mVfJ5w1RkXpXxxhpw273oIBPynWmFNlItWT13XumlF5UqpIdVGs1MpNnzG8k"}],"group":"cf-csp-endpoint","max_age":86400}
cache-control: max-age=2592000, public
access-control-allow-credentials: true
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8791ca89da34dd64-LHR
expires: Fri, 10 May 2024 23:10:25 GMT

GET
H2 200 bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame D92F 0
0 177ms
54ms Document
text/html 2a02:26f0:3500:886::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:886::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://photocard.tfl.gov.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
cache-control: max-age=30056825
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 23 Apr 2024 23:56:37 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Sun, 06 Apr 2025 21:03:42 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1713916597239_388276619_1160332771_21_728_52_55_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 cc.js Show response
consent.cookiebot.com/e601acc6-2e6f-4bed-a826-046477b39b61/ 332 KB
95 KB 97ms
96ms Script
application/x-javascript 2a02:26f0:1700:11::b856:6785
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/e601acc6-2e6f-4bed-a826-046477b39b61/cc.js?renew=false&referer=photocard.tfl.gov.uk&dnt=false&init=false
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 60303c37d6f2ded40b4af35dff0ab93c8abfec16dda4c0da85d26cef708f4e64

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://photocard.tfl.gov.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:56:37 GMT
content-encoding: gzip
last-modified: Tue, 23 Apr 2024 23:56:37 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: private, max-age=1200
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.tfl.gov.uk/	1969-12-31 23:59:59	Name: _cfuvid Value: 0WjtJkg8kO4Xpxh8VdJAyo204x6KVsAgUC5FqyHIrC8-1713916595559-0.0.1.1-604800000

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://photocard.tfl.gov.uk/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

consent.cookiebot.com
consentcdn.cookiebot.com
photocard-api.tfl.gov.uk
photocard.tfl.gov.uk
104.16.97.104
104.16.98.104
2a02:26f0:1700:11::b856:6785
2a02:26f0:3500:886::f09
3025982645ab14efd6da9a625248a204b01c3684a7931181c1e09482a0b55f2c
365ca20d680d00e6bf86cf0e93197e9f9cc28c0030714387389ae9d8f8b78114
3d5de822bc5436677776a769cd303c4a3358408dee5d2a4ea349bb183a9afd71
4ac7f1404f759722e75f4221e8903e8c48f9a199b8c57357e1e6e1b0f5060051
550f8afd5345b201934753f86b132b938d58be46ca90b5af43b911712bdf554d
5d50de6e6d42881c5cdecc3b8509b4c212cdbd1bf7e476d0f12c485950864924
5fa4c102cf2d16056acc31880669c02aaaac6d05a4d0f5d2af4533c28c04469b
60303c37d6f2ded40b4af35dff0ab93c8abfec16dda4c0da85d26cef708f4e64
69d9bf655b2bb41ec55107769abb4f8fb9c26f1240efbab9094672614ddab387
6dec01698bd7318ccee3dae6e824f02ff358d309dbe5a97f21b70a726c903421
8cb1a51b7c4a81e44fe7ccf497c204e99cf3b3f7ed6b3aa8ac0c8e68def62ebc
a6cf30502863cb5dc8c752c6c80079102fd946fce159219871dc9c94c926d420
c2609de6d0eb3622600b4c5881ef6bb328596b8956445cad857be43e06d1ed6b
d018fa4775d3487b7814ecb37ac0cc2670af8bdad964906f9eb794447aa2c0f7
e9ab56783bcea07a7ebac7b17b41ada901cd6c92324c2454d814328653aeb50c
ead9d662556a3bcfddaccb89f85f4877a8c2cd7b8aabc4400aa69fc839ddf2f0

photocard.tfl.gov.uk Open in urlscan Pro 104.16.97.104 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

50 %IPv6

2 Domains

4 Subdomains

5 IPs

2 Countries

1191 kBTransfer

4421 kBSize

1 Cookies

4 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

photocard.tfl.gov.uk Open in urlscan Pro
104.16.97.104 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

4
Subdomains

5
IPs

2
Countries

1191 kB
Transfer

4421 kB
Size

1
Cookies

16 HTTP transactions
2 data transactions