URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Submission: On March 26 via api from US — Scanned from DE

Summary

This website contacted 23 IPs in 3 countries across 19 domains to perform 69 HTTP transactions. The main IP is 18.173.187.90, located in United States and belongs to AMAZON-02, US. The main domain is checkout.headspace.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on July 10th 2023. Valid for: a year.
This is the only time checkout.headspace.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 18.173.187.90 16509 (AMAZON-02)
11 2606:4700::68... 13335 (CLOUDFLAR...)
4 18.173.154.63 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 35.186.249.72 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 18.245.31.88 16509 (AMAZON-02)
2 2a04:4e42::645 54113 (FASTLY)
6 34.128.128.0 396982 (GOOGLE-CL...)
1 2600:9000:224... 16509 (AMAZON-02)
2 18.245.31.21 16509 (AMAZON-02)
10 146.75.122.49 54113 (FASTLY)
2 2a04:4e42:200... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.33.158.75 16509 (AMAZON-02)
1 52.222.139.118 16509 (AMAZON-02)
1 2600:9000:205... 16509 (AMAZON-02)
2 2600:9000:26d... 16509 (AMAZON-02)
4 2600:9000:26d... 16509 (AMAZON-02)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.250.181.227 15169 (GOOGLE)
1 34.120.195.249 396982 (GOOGLE-CL...)
69 23
Apex Domain
Subdomains
Transfer
19 headspace.com
checkout.headspace.com
static.headspace.com — Cisco Umbrella Rank: 568579
location.prod.headspace.com — Cisco Umbrella Rank: 716621
api.prod.headspace.com — Cisco Umbrella Rank: 96475
726 KB
11 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 457
170 KB
10 contentful.com
cdn.contentful.com — Cisco Umbrella Rank: 9073
42 KB
4 statsigapi.net
events.statsigapi.net — Cisco Umbrella Rank: 9416
126 B
4 ctfassets.net
images.ctfassets.net — Cisco Umbrella Rank: 4151
7 KB
4 mparticle.com
jssdkcdns.mparticle.com — Cisco Umbrella Rank: 8327
identity.mparticle.com — Cisco Umbrella Rank: 2946
jssdks.mparticle.com — Cisco Umbrella Rank: 7663
756 KB
3 branch.io
cdn.branch.io — Cisco Umbrella Rank: 877
api2.branch.io — Cisco Umbrella Rank: 926
24 KB
2 featuregates.org
featuregates.org — Cisco Umbrella Rank: 11807
2 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 108
205 KB
1 sentry.io
o28532.ingest.sentry.io — Cisco Umbrella Rank: 340007
339 B
1 google.de
www.google.de — Cisco Umbrella Rank: 4335
63 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 203
258 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2156
258 B
1 app.link
app.link — Cisco Umbrella Rank: 3539
633 B
1 amplitude.com
cdn.amplitude.com — Cisco Umbrella Rank: 4575
27 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 101
21 KB
1 zuora.com
static.zuora.com — Cisco Umbrella Rank: 112235
6 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 899
303 B
1 impactradius-event.com
d.impactradius-event.com — Cisco Umbrella Rank: 4199
15 KB
69 19
Domain Requested by
12 checkout.headspace.com checkout.headspace.com
11 cdn.cookielaw.org checkout.headspace.com
cdn.cookielaw.org
10 cdn.contentful.com checkout.headspace.com
4 events.statsigapi.net checkout.headspace.com
4 images.ctfassets.net checkout.headspace.com
4 static.headspace.com checkout.headspace.com
2 api2.branch.io checkout.headspace.com
2 identity.mparticle.com checkout.headspace.com
2 api.prod.headspace.com checkout.headspace.com
2 featuregates.org checkout.headspace.com
2 www.googletagmanager.com checkout.headspace.com
www.googletagmanager.com
1 o28532.ingest.sentry.io checkout.headspace.com
1 www.google.de
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 jssdks.mparticle.com checkout.headspace.com
1 app.link cdn.branch.io
1 cdn.branch.io jssdkcdns.mparticle.com
1 cdn.amplitude.com jssdkcdns.mparticle.com
1 www.google-analytics.com jssdkcdns.mparticle.com
1 static.zuora.com checkout.headspace.com
1 jssdkcdns.mparticle.com static.headspace.com
1 location.prod.headspace.com checkout.headspace.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 d.impactradius-event.com checkout.headspace.com
69 25

This site contains links to these domains. Also see Links.

Domain
www.headspace.com
webviews.headspace.com
www.onetrust.com
Subject Issuer Validity Valid
*.headspace.com
Amazon RSA 2048 M01
2023-07-10 -
2024-08-07
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2024-03-01 -
2024-12-31
10 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
*.impactradius-event.com
Sectigo RSA Domain Validation Secure Server CA
2023-12-08 -
2025-01-06
a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2023-11-13 -
2024-11-12
a year crt.sh
jssdkcdns.mparticle.com
Go Daddy Secure Certificate Authority - G2
2023-05-02 -
2024-06-02
a year crt.sh
featuregates.org
R3
2024-02-17 -
2024-05-17
3 months crt.sh
*.zuora.com
Sectigo RSA Organization Validation Secure Server CA
2023-08-16 -
2024-08-15
a year crt.sh
cdn.contentful.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2
2023-07-01 -
2024-08-01
a year crt.sh
identity.mparticle.com
Go Daddy Secure Certificate Authority - G2
2024-02-08 -
2024-06-08
4 months crt.sh
cdn.amplitude.com
Amazon RSA 2048 M02
2023-12-14 -
2025-01-12
a year crt.sh
*.branch.io
Amazon RSA 2048 M01
2023-09-11 -
2024-10-09
a year crt.sh
appipv4.link
Amazon RSA 2048 M03
2024-03-25 -
2025-04-22
a year crt.sh
jssdks.mparticle.com
Go Daddy Secure Certificate Authority - G2
2023-09-16 -
2024-10-17
a year crt.sh
images.ctfassets.net
Amazon RSA 2048 M02
2023-12-19 -
2025-01-16
a year crt.sh
statsigapi.net
R3
2024-02-17 -
2024-05-17
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
*.google.de
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-11-02 -
2024-12-02
a year crt.sh

This page contains 1 frames:

Primary Page: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Frame ID: B9054BE7EE32C7D3AB6007CA999EB816
Requests: 60 HTTP requests in this frame

Screenshot

Page Title

Checkout - Headspace

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.amplitude\.com

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • d\.impactradius-event\.com

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

69
Requests

100 %
HTTPS

52 %
IPv6

19
Domains

25
Subdomains

23
IPs

3
Countries

2003 kB
Transfer

5912 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

69 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request checkout
checkout.headspace.com/
2 KB
2 KB
Document
General
Full URL
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
76dacaa24c152bd3b6391b7d3091ed52db541180c21004050ff17302debc27cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
12
content-encoding
gzip
content-type
text/html
date
Tue, 26 Mar 2024 16:11:30 GMT
etag
W/"85ca4b434c93263ccc18f5846fe3dce7"
last-modified
Fri, 22 Mar 2024 21:02:42 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
x-amz-cf-id
1z3EUYC-HaV6mgHusDD9iHd8Z8Sg1s1hasyn1KmR4mDwPRrr_lHlsQ==
x-amz-cf-pop
MUC50-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
5p3LtUrS0627SD2WPZzKWaQ7gFqAxX73
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Pg1MHDpg+UGdovxhidM4Kg==
age
4
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6839
x-ms-lease-status
unlocked
last-modified
Mon, 25 Mar 2024 07:07:50 GMT
server
cloudflare
etag
0x8DC4C9A4865CEDE
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
8a21b288-301e-001b-41ce-7e0780000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86a86ad88ef93719-FRA
expires
Wed, 27 Mar 2024 16:11:35 GMT
env.js
checkout.headspace.com/
2 KB
1 KB
Script
General
Full URL
https://checkout.headspace.com/env.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
87aaed2d8d5865919a7d47599e96ae997be1f7c4d9349e5cabecf1da5818e622
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
sBcbN_C6qLrMqBhBdoqdhajYvV20WQtT
content-encoding
gzip
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 16:11:30 GMT
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
11
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 22 Mar 2024 21:02:42 GMT
server
AmazonS3
etag
W/"451c028a8df719b699429d9e14e363c9"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
zs1m_3kPguqmZwzoC8Z6LCX3xJBFk7YJJMHcg_NXIRFmc9rFxG5keQ==
main.fa96435c.js
checkout.headspace.com/static/js/
2 MB
517 KB
Script
General
Full URL
https://checkout.headspace.com/static/js/main.fa96435c.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
772883ecf9afa599201ea005538d116888213462dc9f3d14fb4cf20435655aff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
OM8bUKDKX1pLMdhpwNlUvW9KVWHOlhKV
content-encoding
gzip
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 16:11:30 GMT
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
12
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 22 Mar 2024 21:02:43 GMT
server
AmazonS3
etag
W/"fafde589ae0009f0d7b237513435c1ec"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
O1BHconHGsNb161ty9xqADREygG0RK7VxN4qp_oquZfXASiyQN1wtg==
3157e90d-5b64-44e9-834a-7bcbe657b257.json
cdn.cookielaw.org/consent/3157e90d-5b64-44e9-834a-7bcbe657b257/
6 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/3157e90d-5b64-44e9-834a-7bcbe657b257/3157e90d-5b64-44e9-834a-7bcbe657b257.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9447ee4832fed751af63a62823103a2373a83499c6abf003e1425bcb976be29d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
62655
content-md5
DwR+7YCCHInRLbSMew6LAw==
content-length
1913
x-ms-lease-status
unlocked
last-modified
Tue, 19 Mar 2024 21:03:44 GMT
server
cloudflare
etag
0x8DC4858101004EB
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1db39a8f-b01e-0048-7c41-7a24b4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86a86ad8da1792c3-FRA
expires
Wed, 27 Mar 2024 16:11:35 GMT
hs-web-analytics_production.js
static.headspace.com/mparticle-scripts/1.0.0/
1 KB
1 KB
Script
General
Full URL
https://static.headspace.com/mparticle-scripts/1.0.0/hs-web-analytics_production.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-63.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c1da61c8de4b4a8c6a2de33e434a611b688423c7b082385b90c753caa04b2e58

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 fe6d656eba9969a63bb94889f81e9bf8.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 01:21:59 GMT
last-modified
Thu, 14 Mar 2024 17:03:16 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P3
age
53377
x-amz-server-side-encryption
AES256
etag
W/"1a5875193b98ed74598f24898e5604ef"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
NLMcUd7eJcELhaOGk9Ewd896co_cHakwrmMDaF4poAJc7EdaN1kLiA==
gtm.js
www.googletagmanager.com/
373 KB
108 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
10ae63182da842853e8f59bb9c6e7ff1301b26357964a54bde7ce8687a6427e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
109834
x-xss-protection
0
pragma
no-cache
server
Google Tag Manager
vary
*
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 01 Jan 1990 00:00:00 GMT
A2816351-2c6d-442e-a206-0844e1aebf7b1.js
d.impactradius-event.com/
37 KB
15 KB
Script
General
Full URL
https://d.impactradius-event.com/A2816351-2c6d-442e-a206-0844e1aebf7b1.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.249.72 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
72.249.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e135a470457bf253de7d5d7550cb1de073b8fe422c4912edd148c663c25d48ec

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:10:36 GMT
content-encoding
gzip
age
59
x-guploader-uploadid
ABPtcPp7pB_gtMTPbzeFbMfJ8eMUS1BqBQ83j4PMbYgxbM9l6Wcr5-b5FCS08KWcBIIDjpNrxJ8t1ai0nQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15320
last-modified
Fri, 22 Mar 2024 17:18:47 GMT
server
UploadServer
etag
"1e902fbd12de87126ddabd8b76b0f0b7"
vary
Accept-Encoding
x-goog-generation
1711127927019063
x-goog-hash
crc32c=O5LWbg==, md5=HpAvvRLehxJt2r2LdrDwtw==
access-control-allow-origin
*
content-type
text/javascript; charset=utf-8
cache-control
public,max-age=900,s-maxage=300
x-goog-stored-content-length
15320
accept-ranges
bytes
expires
Tue, 26 Mar 2024 16:15:36 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
66 B
303 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept
application/json
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
86a86ad92a263a5e-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202312.1.0/
429 KB
104 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68a8ca1ebf10a53e893706799708e1f5978ad07ca9e2ae7c2fb22da7d09891a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XKJEbi7L7XNGND1Y8WkfuQ==
age
2308
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
106388
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 08:59:21 GMT
server
cloudflare
etag
0x8DC3E84E17FBCBF
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
b0fa4da6-d01e-0003-4ac3-70d8e7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86a86ad9b86b3719-FRA
/
location.prod.headspace.com/
2 B
284 B
XHR
General
Full URL
https://location.prod.headspace.com/
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-31-88.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/json, text/plain, */*
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 10:02:14 GMT
via
1.1 74cd4e6bd806cc7209ac94e0173f5ac8.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-P8
age
22161
vary
Origin
x-cache
Hit from cloudfront
access-control-allow-origin
https://checkout.headspace.com
content-length
2
x-amz-cf-id
aymbm0Nt9YoFbZpoq97xI1aXn9nxViqHKkYj9OHOhg6uhlFl13qMzg==
mparticle.js
jssdkcdns.mparticle.com/js/v2/BxazLKm8649buJbWBLWXt2Pw7bfin6qB/
2 MB
756 KB
Script
General
Full URL
https://jssdkcdns.mparticle.com/js/v2/BxazLKm8649buJbWBLWXt2Pw7bfin6qB/mparticle.js
Requested by
Host: static.headspace.com
URL: https://static.headspace.com/mparticle-scripts/1.0.0/hs-web-analytics_production.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
b6000d96b12bcecb61868b4d35c36a070d55d48532966dedaf93510db10f3113

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-iad-kjyo7100160-IAD, cache-fra-eddf8230130-FRA
date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
server
Kestrel
age
252
x-timer
S1711469495.411956,VS0,VE4
x-origin-name
fastlyshield--shield_ssl_cache_iad_kjyo7100160_IAD
x-cache
HIT, HIT
content-type
application/javascript
vary
Accept, Accept-Encoding
cache-control
public, max-age=3600
accept-ranges
bytes
content-length
773091
x-cache-hits
23, 1
en.json
cdn.cookielaw.org/consent/3157e90d-5b64-44e9-834a-7bcbe657b257/0fe712fe-2614-4c02-9edc-76fff8748c2b/variants/018e5333-5157-7675-9e7c-a64641b3224f/
138 KB
30 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/3157e90d-5b64-44e9-834a-7bcbe657b257/0fe712fe-2614-4c02-9edc-76fff8748c2b/variants/018e5333-5157-7675-9e7c-a64641b3224f/en.json
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2fe914e9503c927fa358f7c3d8426ab69f9c757f807b30143201b305375e647
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
38889
content-md5
BB8YtTo3yXEQ1M2sQB1y1g==
content-length
30132
x-ms-lease-status
unlocked
last-modified
Tue, 19 Mar 2024 21:03:58 GMT
server
cloudflare
etag
0x8DC485818855F00
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
4e0371e5-201e-0091-7a41-7a5c31000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86a86ad9fb2592c3-FRA
expires
Wed, 27 Mar 2024 16:11:35 GMT
initialize
featuregates.org/v1/
0
0
Preflight
General
Full URL
https://featuregates.org/v1/initialize
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,statsig-api-key,statsig-client-time,statsig-encoded,statsig-sdk-type,statsig-sdk-version
Access-Control-Request-Method
POST
Origin
https://checkout.headspace.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,statsig-api-key,statsig-client-time,statsig-encoded,statsig-sdk-type,statsig-sdk-version
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
7200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-security-policy
frame-ancestors *.statsig.com
date
Tue, 26 Mar 2024 16:11:35 GMT
referrer-policy
strict-origin-when-cross-origin
via
1.1 google
x-content-type-options
nosniff;
x-statsig-region
gke-europe-west1
141.5f8511ec.chunk.js
checkout.headspace.com/static/js/
314 KB
86 KB
Script
General
Full URL
https://checkout.headspace.com/static/js/141.5f8511ec.chunk.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
82eb864ea404a2e7ed6776aa69dc1787db08152bc4f8d68bc2bc0d0178e8af40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
_zPrd95KpiVwR3uRcEC.N5Bue04cUkuL
content-encoding
gzip
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 16:11:30 GMT
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
12
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 22 Mar 2024 21:02:42 GMT
server
AmazonS3
etag
W/"1216b38c86051616831d4fac2ee4da68"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
vrICDxGTw30DNORgzfd-avh7fW4sEi98Jlun0vLKvcHmBpILfjMBVQ==
2980.896c44ea.chunk.js
checkout.headspace.com/static/js/
11 KB
4 KB
Script
General
Full URL
https://checkout.headspace.com/static/js/2980.896c44ea.chunk.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e83d3dd3d510196ff11d9935f580e3748a95de98a820404472bea575bdb40bcf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
N29UlY2f3cuRo44TCl4mI4D7xHbRdlK8
content-encoding
gzip
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 16:11:30 GMT
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
12
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 22 Mar 2024 21:02:42 GMT
server
AmazonS3
etag
W/"c8436c227a8935745d35ce656e756521"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
wMId9cLcMSnHO-rDMRrOzUU7lB4ib7kwGwHFBa-KHeLh2KjHM2QWkw==
4301.a0a14257.chunk.js
checkout.headspace.com/static/js/
8 KB
4 KB
Script
General
Full URL
https://checkout.headspace.com/static/js/4301.a0a14257.chunk.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
814339b86941528739440e0b46e17e22c3e956e5de629ee018650fa87e5d2894
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
n.6XjGWCn4MLpHRVH18H3tEn581_nzfh
content-encoding
gzip
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 16:11:30 GMT
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
12
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 22 Mar 2024 21:02:43 GMT
server
AmazonS3
etag
W/"212c522c4217316ae89d9dc18242a5f5"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
Q65zRRX4I2dThCHa76PVWBZSDHqrVjm9uC_47DwR_EFkkIgX2lBCDQ==
initialize
featuregates.org/v1/
6 KB
2 KB
Fetch
General
Full URL
https://featuregates.org/v1/initialize
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
22ef215519993c3fa3fe6f6ee1a39f3c30b359947bee7a119a81181068f4fd08
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff;

Request headers

STATSIG-CLIENT-TIME
1711469495388
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
STATSIG-API-KEY
client-AUIlYXXKCk5oO6j4J0DNeuR6LqIlquA0NmvGclKDUS9
STATSIG-SDK-VERSION
1.22.0
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/json; charset=UTF-8
Referer
https://checkout.headspace.com/
STATSIG-ENCODED
1
STATSIG-SDK-TYPE
react-client
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
via
1.1 google
content-security-policy
frame-ancestors *.statsig.com
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff;
x-statsig-region
gke-europe-west1
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1585
otFlat.json
cdn.cookielaw.org/scripttemplates/202312.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202312.1.0/assets/otFlat.json
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
BTZbeL2C0rgC8oY0plS4zQ==
age
74463
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 08:59:13 GMT
server
cloudflare
etag
0x8DC3E84DCC0509D
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
f11c3ac5-701e-008c-5dcc-73518d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86a86ada6b7f92c3-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202312.1.0/assets/v2/
62 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202312.1.0/assets/v2/otPcCenter.json
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a811246367093979c01fc9ea67e8db8c1b1e5abbd10fd669d6de163702c942b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
EK/r2nxyR01LplzRpIcHbQ==
age
62654
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12700
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 08:59:16 GMT
server
cloudflare
etag
0x8DC3E84DE1526D2
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
ac0540cd-401e-0011-1c14-71a337000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86a86ada6b8292c3-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202312.1.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202312.1.0/assets/otCommonStyles.css
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
c7xAZ9MSGAobGaTYg/Qtag==
age
74463
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 08:59:25 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
4c1c1d95-f01e-0076-611e-71b3cb000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
86a86ada6b8392c3-FRA
zuora-min.js
static.zuora.com/Resources/libs/hosted/1.3.0/
16 KB
6 KB
Script
General
Full URL
https://static.zuora.com/Resources/libs/hosted/1.3.0/zuora-min.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/4301.a0a14257.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:e000:8:7fab:4640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1bb6adcafcaad9be931b3737b65dcde7ea3bc2ff0d16cd2757b766397c471428

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
xI_w_.T9iwHLRFEMpbPBTmChbo0l93g3
content-encoding
br
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront)
date
Mon, 25 Mar 2024 23:11:29 GMT
last-modified
Fri, 22 Mar 2024 11:56:01 GMT
server
AmazonS3
age
61207
x-amz-cf-pop
FRA60-P1
x-amz-server-side-encryption
AES256
etag
W/"f5288c981f147116d032cd7f315452b3"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
access-control-allow-origin
*
x-amz-cf-id
qbT0Z6HZn4G97TykyWvf1Xp4SQEv8FpWLVGrdRkqczyfkYKD3vCqEA==
B2C14DANNUAL2022
api.prod.headspace.com/subscription/vouchers/
1 KB
1011 B
XHR
General
Full URL
https://api.prod.headspace.com/subscription/vouchers/B2C14DANNUAL2022
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-31-21.fra56.r.cloudfront.net
Software
envoy /
Resource Hash
f4d34508fe876421cc7805046fae63ca51e8af2ad16536c62594966162771350

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/json, text/plain, */*
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
via
1.1 7b85fc567b776c0d31c5ac07cc6c2ae6.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
FRA56-P8
vary
origin,accept-encoding, Origin
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
https://checkout.headspace.com
access-control-expose-headers
Authorization,Server-Authorization,tags,WWW-Authenticate
cache-control
no-cache
x-envoy-upstream-service-time
18
access-control-allow-credentials
true
x-amz-cf-id
VMlK00Bmho-fXkJG5l8xnBokNU_2UDAnJuTebv5Dys3OpviKcXwvqg==
B2C14DANNUAL2022
api.prod.headspace.com/access-code/v1/access-codes/
3 KB
1 KB
XHR
General
Full URL
https://api.prod.headspace.com/access-code/v1/access-codes/B2C14DANNUAL2022?include=productsku
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-31-21.fra56.r.cloudfront.net
Software
envoy /
Resource Hash
b369becf0ba37f90d6a988dcfa96da0b32f2aed2c828e20ddd17904d31eb402d

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/json, text/plain, */*
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
via
1.1 7b85fc567b776c0d31c5ac07cc6c2ae6.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
FRA56-P8
vary
origin,accept-encoding, Origin
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
https://checkout.headspace.com
access-control-expose-headers
Authorization,Server-Authorization,tags,WWW-Authenticate
cache-control
no-cache
x-envoy-upstream-service-time
3
access-control-allow-credentials
true
x-amz-cf-id
7LOnXgWThIOdZlvkuwEQjOhj0W-gVaadxssDi7Sy4CuNJ5Oyjw71Lg==
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
2 KB
1 KB
XHR
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutMaintenancePage&include=10&locale=en-US
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
80262a24efe680f6d7af777ae4636f12e1108ca14fb37387e1328776e04c8011
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
X-Contentful-User-Agent
sdk contentful.js/9.3.2; platform browser; os Windows;
Authorization
Bearer w-jx8E8QR-riea5LIKueCniwyHRlDXO9RCca7MK7SjU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://checkout.headspace.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 varnish, 1.1 varnish
contentful-api
cda
age
1842683
cf-organization-id
7Mv7jS2mkDx8bsJzIZ263D
cf-environment-uuid
eb29b571-c2f7-4362-904c-9fd55162548e
x-cache
HIT
cf-space-id
v3n26e09qg2r
content-length
911
x-served-by
cache-ewr18137-EWR, cache-fra-etou8220082-FRA
x-contentful-request-id
57e085ac-b931-4b8c-a410-ca11066c5160
cf-environment-id
master
server
Contentful
x-timer
S1711469496.616291,VS0,VE1
etag
W/"3305837311732265718"
access-control-max-age
86400
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/vnd.contentful.delivery.v1+json
access-control-allow-origin
*
access-control-expose-headers
Etag
accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
x-contentful-route
/spaces/:space/environments/:environment/entries
x-contentful-region
us-east-1
x-cache-hits
3564, 1
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
0
0
Preflight
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutMaintenancePage&include=10&locale=en-US
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-contentful-user-agent
Access-Control-Request-Method
GET
Origin
https://checkout.headspace.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
access-control-allow-methods
GET,HEAD,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Etag
access-control-max-age
86400
age
0
date
Tue, 26 Mar 2024 16:11:35 GMT
server
Contentful
via
1.1 varnish, 1.1 varnish
x-cache
HIT
x-cache-hits
809, 0
x-content-type-options
nosniff
x-contentful-region
us-east-1
x-contentful-request-id
20e31dc0-189b-494f-bd8e-867bfd39259f
x-served-by
cache-ewr18137-EWR, cache-fra-etou8220082-FRA
x-timer
S1711469496.522342,VS0,VE87
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
599 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
2309
x-ms-lease-status
unlocked
last-modified
Mon, 25 Mar 2024 19:35:37 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
80dc8988-801e-0098-372c-7f19e2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
86a86adad9a63719-FRA
HeadspaceApercu-Regular.woff2
static.headspace.com/fonts/apercu-v1.002/
31 KB
32 KB
Font
General
Full URL
https://static.headspace.com/fonts/apercu-v1.002/HeadspaceApercu-Regular.woff2
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-63.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
99abf66fcffd8b47b231ab3ebe8236df3a3f5873a431d103700799309020fffd

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
Origin
https://checkout.headspace.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
null
date
Thu, 21 Mar 2024 07:56:37 GMT
via
1.1 bc5539655ffc88be2596a0239ddfae52.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
461699
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
31792
last-modified
Mon, 11 Mar 2024 16:45:57 GMT
server
AmazonS3
etag
"637394b09b4f7d96bc2859f162fbdbcd"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
XD5_Nz8cX6iD-Be4hmwnJxrq8BFadkIzYZDYMJ8yI35woOe5E8sfpQ==
HeadspaceApercu-Bold.woff2
static.headspace.com/fonts/apercu-v1.002/
31 KB
31 KB
Font
General
Full URL
https://static.headspace.com/fonts/apercu-v1.002/HeadspaceApercu-Bold.woff2
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-63.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
24bb040bb29b5abb54c5f2c4eebb21393146d71164e781c98689f02ab9a4bf60

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
Origin
https://checkout.headspace.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
null
date
Fri, 22 Mar 2024 23:22:22 GMT
via
1.1 bc5539655ffc88be2596a0239ddfae52.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
319754
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
31660
last-modified
Thu, 14 Mar 2024 17:03:14 GMT
server
AmazonS3
etag
"987be5aa69b938d050de5d575085a8b1"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
qwCRaMVNAmdVUMzusIHBfdAy9P6R8jXA-zwf1KAIDICycRI_nWyWIg==
HeadspaceApercu-Medium.woff2
static.headspace.com/fonts/apercu-v1.002/
31 KB
32 KB
Font
General
Full URL
https://static.headspace.com/fonts/apercu-v1.002/HeadspaceApercu-Medium.woff2
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-63.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
410bda17f844aee254e3e02763989267aeb40541e13c515c5b5a59232a9babcb

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
Origin
https://checkout.headspace.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
null
date
Fri, 22 Mar 2024 23:27:21 GMT
via
1.1 bc5539655ffc88be2596a0239ddfae52.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
319454
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
31808
last-modified
Thu, 14 Mar 2024 17:03:14 GMT
server
AmazonS3
etag
"15294b539a0ec0a3467ac861e56aadcd"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
hJ8Ol1raNNU4XnO9SrcM06X098GN5LWkhzWSvQyJuddyIbl_SF42nA==
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
494 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
60012
x-ms-lease-status
unlocked
last-modified
Mon, 25 Mar 2024 02:24:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
17d07fbd-301e-001b-1e65-7e0780000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
86a86adadbee92c3-FRA
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
2309
content-length
4036
x-ms-lease-status
unlocked
last-modified
Mon, 25 Mar 2024 19:35:37 GMT
server
cloudflare
etag
0x8DC4D02BF9051A1
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
d2ba6eb3-401e-004c-402c-7fa9b3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86a86adae9c13719-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 26 Mar 2024 16:11:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
79884
x-ms-lease-status
unlocked
last-modified
Thu, 21 Mar 2024 07:04:40 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
0a1e1a41-a01e-00a0-45c2-7bbd22000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
86a86adae9c33719-FRA
identify
identity.mparticle.com/v1/
0
0
Preflight
General
Full URL
https://identity.mparticle.com/v1/identify
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-mp-key
Access-Control-Request-Method
POST
Origin
https://checkout.headspace.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-mp-key
access-control-allow-methods
POST
access-control-allow-origin
*
age
825
date
Tue, 26 Mar 2024 16:11:35 GMT
server
Kestrel
strict-transport-security
max-age=900
via
1.1 varnish
x-cache
HIT
x-cache-hits
381
x-fastly-trace-id
2136932367
x-origin-name
4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by
cache-fra-eddf8230042-FRA
x-timer
S1711469496.562932,VS0,VE0
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/BxazLKm8649buJbWBLWXt2Pw7bfin6qB/mparticle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 26 Mar 2024 15:48:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1407
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 26 Mar 2024 17:48:08 GMT
amplitude-8.21.8-min.gz.js
cdn.amplitude.com/libs/
98 KB
27 KB
Script
General
Full URL
https://cdn.amplitude.com/libs/amplitude-8.21.8-min.gz.js
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/BxazLKm8649buJbWBLWXt2Pw7bfin6qB/mparticle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.158.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-158-75.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
504d1cff280d5006f70a0adad442ee38aee4b919b7f693e6f2daee463e2ece52

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
Origin
https://checkout.headspace.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Jan 2024 23:43:00 GMT
content-encoding
gzip
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
x-amz-version-id
Z6WWD9fM76SH6Yodxsp0mD5T3d6Q8WtC
x-amz-cf-pop
FRA60-P9
age
6107316
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
27487
last-modified
Tue, 04 Apr 2023 21:13:46 GMT
server
AmazonS3
etag
"1a3065f55cc5d419cd830e012656064d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
iRQvemSqySQqTfolVRNO9LfZ6M0YGxwVF3rs5LAE7tki7s14J0XdUA==
branch-latest.min.js
cdn.branch.io/
74 KB
23 KB
Script
General
Full URL
https://cdn.branch.io/branch-latest.min.js
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/BxazLKm8649buJbWBLWXt2Pw7bfin6qB/mparticle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.139.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-139-118.ams50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e05e2939b5b791cf4accd8146146cb9bc11d79f24cfd74292b6e0f7a133564db

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
qUNF9UneW4jvvX1Y5.pUYa4MM3z58hxe
content-encoding
gzip
via
1.1 fc8f1559bec15e56ec52376ce42c7d90.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 16:07:47 GMT
last-modified
Wed, 28 Feb 2024 16:35:09 GMT
server
AmazonS3
x-amz-cf-pop
AMS50-C1
age
229
etag
"9aaa511375e7965f25b8d573e1cd2cef"
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=300
content-length
23363
x-amz-cf-id
5NV6H_SH6_wpw0IL8eKwtSiuzJfYPrjzLEoi5Fsbg0p3mTEefRZX4Q==
identify
identity.mparticle.com/v1/
175 B
336 B
XHR
General
Full URL
https://identity.mparticle.com/v1/identify
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
00f84be31139ab805b4ce8a9f84a7896a0340540422d3cd89f380ef06bf40431
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
x-mp-key
BxazLKm8649buJbWBLWXt2Pw7bfin6qB
Referer
https://checkout.headspace.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
via
1.1 varnish
x-mp-max-age
86400
strict-transport-security
max-age=900
x-origin-name
4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-cache
MISS
x-served-by
cache-fra-eddf8230042-FRA
server
Kestrel
x-timer
S1711469496.570179,VS0,VE109
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-MP-Max-Age
x-fastly-trace-id
2136932459
accept-ranges
bytes
x-cache-hits
0
_r
app.link/
91 B
633 B
Script
General
Full URL
https://app.link/_r?sdk=web2.84.0&branch_key=key_live_mcdUiF9uYBpZ5OEBEK0jqoflzzlbD4dt&callback=branch_callback__0
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:c800:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
2efb5565ddedf0ba1660a52a6f02b284022030f0b4855dc5e6aad1ace830ab96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
via
1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
server
openresty
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
x-amz-cf-pop
FRA6-C1
etag
W/"5b-WBaVfdTdytQkxUmKQWzjOrWquRo"
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
content-length
91
x-amz-cf-id
tzGU0gdJysYXm01tiQQ6axtgj7qSzFQnKQ6GZZlxKyCLdcZL3Qgl9g==
Forwarding
jssdks.mparticle.com/v1/JS/BxazLKm8649buJbWBLWXt2Pw7bfin6qB/
0
192 B
XHR
General
Full URL
https://jssdks.mparticle.com/v1/JS/BxazLKm8649buJbWBLWXt2Pw7bfin6qB/Forwarding
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-served-by
cache-fra-eddf8230024-FRA
date
Tue, 26 Mar 2024 16:11:35 GMT
via
1.1 varnish
server
Kestrel
x-timer
S1711469496.729378,VS0,VE2
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-cache
MISS
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
x-cache-hits
0
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
0
0
Preflight
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutFlow&include=10&fields.code%5Bin%5D=B2C14DANNUAL2022&locale=en-US&fields.region%5Blike%5D=DE&fields.tags%5Ball%5D=FREE_TRIAL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-contentful-user-agent
Access-Control-Request-Method
GET
Origin
https://checkout.headspace.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
access-control-allow-methods
GET,HEAD,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Etag
access-control-max-age
86400
age
0
date
Tue, 26 Mar 2024 16:11:35 GMT
server
Contentful
via
1.1 varnish, 1.1 varnish
x-cache
HIT
x-cache-hits
15, 0
x-content-type-options
nosniff
x-contentful-region
us-east-1
x-contentful-request-id
93f8079d-2ede-46e7-994d-7085b8fe6613
x-served-by
cache-ewr18160-EWR, cache-fra-etou8220082-FRA
x-timer
S1711469496.712176,VS0,VE86
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
0
0
Preflight
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutFlow&include=10&fields.code%5Bin%5D=B2C14DANNUAL2022&locale=en-US&fields.region%5Blike%5D=DE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-contentful-user-agent
Access-Control-Request-Method
GET
Origin
https://checkout.headspace.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
access-control-allow-methods
GET,HEAD,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Etag
access-control-max-age
86400
age
0
date
Tue, 26 Mar 2024 16:11:35 GMT
server
Contentful
via
1.1 varnish, 1.1 varnish
x-cache
HIT
x-cache-hits
15, 0
x-content-type-options
nosniff
x-contentful-region
us-east-1
x-contentful-request-id
f8504452-088f-4c76-a0c0-82a6d5e9baaf
x-served-by
cache-ewr18124-EWR, cache-fra-etou8220082-FRA
x-timer
S1711469496.712304,VS0,VE86
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
0
0
Preflight
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutFlow&include=10&locale=en-US&fields.region%5Blike%5D=DE&fields.tags%5Ball%5D=FREE_TRIAL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-contentful-user-agent
Access-Control-Request-Method
GET
Origin
https://checkout.headspace.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
access-control-allow-methods
GET,HEAD,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Etag
access-control-max-age
86400
age
0
date
Tue, 26 Mar 2024 16:11:35 GMT
server
Contentful
via
1.1 varnish, 1.1 varnish
x-cache
HIT
x-cache-hits
16, 0
x-content-type-options
nosniff
x-contentful-region
us-east-1
x-contentful-request-id
0a188e29-3d9b-40a3-8369-0507f13996a0
x-served-by
cache-ewr18122-EWR, cache-fra-etou8220082-FRA
x-timer
S1711469496.712524,VS0,VE86
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
0
0
Preflight
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutFlow&include=10&locale=en-US&fields.region%5Blike%5D=DE&fields.tags%5Bin%5D=BASE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-contentful-user-agent
Access-Control-Request-Method
GET
Origin
https://checkout.headspace.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
access-control-allow-methods
GET,HEAD,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Etag
access-control-max-age
86400
age
0
date
Tue, 26 Mar 2024 16:11:35 GMT
server
Contentful
via
1.1 varnish, 1.1 varnish
x-cache
HIT
x-cache-hits
31, 0
x-content-type-options
nosniff
x-contentful-region
us-east-1
x-contentful-request-id
94eaf4ad-27a6-4b0e-b904-8da23e801f75
x-served-by
cache-ewr18171-EWR, cache-fra-etou8220082-FRA
x-timer
S1711469496.713082,VS0,VE87
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
61 KB
10 KB
XHR
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutFlow&include=10&fields.code%5Bin%5D=B2C14DANNUAL2022&locale=en-US&fields.region%5Blike%5D=DE&fields.tags%5Ball%5D=FREE_TRIAL
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
95285007eeda811cc6935e25d37ecde805957a74ba17cbbaa4c62b2c1ec602c0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
X-Contentful-User-Agent
sdk contentful.js/9.3.2; platform browser; os Windows;
Authorization
Bearer w-jx8E8QR-riea5LIKueCniwyHRlDXO9RCca7MK7SjU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://checkout.headspace.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 varnish, 1.1 varnish
contentful-api
cda
age
181
cf-organization-id
7Mv7jS2mkDx8bsJzIZ263D
cf-environment-uuid
eb29b571-c2f7-4362-904c-9fd55162548e
x-cache
HIT
cf-space-id
v3n26e09qg2r
content-length
10032
x-served-by
cache-ewr18160-EWR, cache-fra-etou8220082-FRA
x-contentful-request-id
d6bcfc02-1259-4206-9d6f-c24cf01d49fc
cf-environment-id
master
server
Contentful
x-timer
S1711469496.807474,VS0,VE1
etag
W/"16029587001290806002"
access-control-max-age
86400
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/vnd.contentful.delivery.v1+json
access-control-allow-origin
*
access-control-expose-headers
Etag
accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
x-contentful-route
/spaces/:space/environments/:environment/entries
x-contentful-region
us-east-1
x-cache-hits
20, 1
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
61 KB
10 KB
XHR
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutFlow&include=10&fields.code%5Bin%5D=B2C14DANNUAL2022&locale=en-US&fields.region%5Blike%5D=DE
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
95285007eeda811cc6935e25d37ecde805957a74ba17cbbaa4c62b2c1ec602c0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
X-Contentful-User-Agent
sdk contentful.js/9.3.2; platform browser; os Windows;
Authorization
Bearer w-jx8E8QR-riea5LIKueCniwyHRlDXO9RCca7MK7SjU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://checkout.headspace.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 varnish, 1.1 varnish
contentful-api
cda
age
181
cf-organization-id
7Mv7jS2mkDx8bsJzIZ263D
cf-environment-uuid
eb29b571-c2f7-4362-904c-9fd55162548e
x-cache
HIT
cf-space-id
v3n26e09qg2r
content-length
10032
x-served-by
cache-ewr18124-EWR, cache-fra-etou8220082-FRA
x-contentful-request-id
1ea2a789-cdc9-4223-8a58-79b12c2c2b23
cf-environment-id
master
server
Contentful
x-timer
S1711469496.807068,VS0,VE3
etag
W/"16029587001290806002"
access-control-max-age
86400
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/vnd.contentful.delivery.v1+json
access-control-allow-origin
*
access-control-expose-headers
Etag
accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
x-contentful-route
/spaces/:space/environments/:environment/entries
x-contentful-region
us-east-1
x-cache-hits
0, 1
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
75 KB
12 KB
XHR
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutFlow&include=10&locale=en-US&fields.region%5Blike%5D=DE&fields.tags%5Ball%5D=FREE_TRIAL
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
0864aefde3b450e53f715f262f27ca2964a40fd3d2dbf2e74fc24de0761e9918
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
X-Contentful-User-Agent
sdk contentful.js/9.3.2; platform browser; os Windows;
Authorization
Bearer w-jx8E8QR-riea5LIKueCniwyHRlDXO9RCca7MK7SjU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://checkout.headspace.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 varnish, 1.1 varnish
contentful-api
cda
age
3989
cf-organization-id
7Mv7jS2mkDx8bsJzIZ263D
cf-environment-uuid
eb29b571-c2f7-4362-904c-9fd55162548e
x-cache
HIT
cf-space-id
v3n26e09qg2r
content-length
11629
x-served-by
cache-ewr18122-EWR, cache-fra-etou8220082-FRA
x-contentful-request-id
f9c29d46-a6db-4ffa-897b-43b657b8746a
cf-environment-id
master
server
Contentful
x-timer
S1711469496.807033,VS0,VE1
etag
W/"11289252027307614700"
access-control-max-age
86400
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/vnd.contentful.delivery.v1+json
access-control-allow-origin
*
access-control-expose-headers
Etag
accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
x-contentful-route
/spaces/:space/environments/:environment/entries
x-contentful-region
us-east-1
x-cache-hits
33, 1
entries
cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/
50 KB
9 KB
XHR
General
Full URL
https://cdn.contentful.com/spaces/v3n26e09qg2r/environments/master/entries?content_type=checkoutFlow&include=10&locale=en-US&fields.region%5Blike%5D=DE&fields.tags%5Bin%5D=BASE
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
57e7c931fbc93c6e8f4dadcb4a3d39e4e4ca32606a1b00fee4d4794c3fbc1c0c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
X-Contentful-User-Agent
sdk contentful.js/9.3.2; platform browser; os Windows;
Authorization
Bearer w-jx8E8QR-riea5LIKueCniwyHRlDXO9RCca7MK7SjU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://checkout.headspace.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 varnish, 1.1 varnish
contentful-api
cda
age
3989
cf-organization-id
7Mv7jS2mkDx8bsJzIZ263D
cf-environment-uuid
eb29b571-c2f7-4362-904c-9fd55162548e
x-cache
HIT
cf-space-id
v3n26e09qg2r
content-length
8604
x-served-by
cache-ewr18171-EWR, cache-fra-etou8220082-FRA
x-contentful-request-id
3be465a4-47b3-457a-93c3-5fd75750be74
cf-environment-id
master
server
Contentful
x-timer
S1711469496.807474,VS0,VE1
etag
W/"17295190541192639782"
access-control-max-age
86400
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/vnd.contentful.delivery.v1+json
access-control-allow-origin
*
access-control-expose-headers
Etag
accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
x-contentful-route
/spaces/:space/environments/:environment/entries
x-contentful-region
us-east-1
x-cache-hits
10, 1
open
api2.branch.io/v1/
275 B
668 B
XHR
General
Full URL
https://api2.branch.io/v1/open
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:4400:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Branch
Resource Hash
bd93d4ea03105303b32615b55d3281f02d3175c8b9e9175ce65caca03cd123a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 26 Mar 2024 16:11:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 94313a5530517e71f4769858ce013d58.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
x-powered-by
Branch
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
x-branch-request-id
c2552323-b542-4137-bdcc-49ba0d15aa91-2024032616
content-length
275
x-amz-cf-id
MbVMXUfWYxybPoywFHfXx1UIVP6sh39uKziOs8tVwrSObUPKO2iFdg==
favicon.ico
checkout.headspace.com/
5 KB
6 KB
Other
General
Full URL
https://checkout.headspace.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1070247e775c71cf7d3ca5de77dade46e7cd9b71358c7e170444cea874877816
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
Ox5QHsD72AGgLjNpjwgEmAsER6dvw3W1
date
Tue, 26 Mar 2024 16:11:31 GMT
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
11
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
5430
last-modified
Fri, 22 Mar 2024 21:02:42 GMT
server
AmazonS3
etag
"7c6a5f5b8eea5a286d6cfb76ec23a861"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/vnd.microsoft.icon
accept-ranges
bytes
x-amz-cf-id
clxeyRg4uoAQ8rYrKZv2hrGcZmLWkGr3iwl3MTjOgyoKZslM_5F9yg==
CheckoutLayoutModule.c712d3a4.chunk.js
checkout.headspace.com/static/js/
4 KB
2 KB
Script
General
Full URL
https://checkout.headspace.com/static/js/CheckoutLayoutModule.c712d3a4.chunk.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9327537ba45096af333860b7275eb1c169de00046e1c4bd167afd1654558ccc2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
Tv7Dr8NzVPuFU4oMkw5ezBRUTxTnsmD3
content-encoding
gzip
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 16:11:31 GMT
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
11
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 22 Mar 2024 21:02:43 GMT
server
AmazonS3
etag
W/"8a57036ff8082a66a3e93b5d7182728b"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
onl-iJf-0XLChv8yEHx-8kpTDrBWbJzfDiclGJadClKC99ixFR_CuA==
CheckoutFooterModule.6b411b75.chunk.js
checkout.headspace.com/static/js/
385 B
853 B
Script
General
Full URL
https://checkout.headspace.com/static/js/CheckoutFooterModule.6b411b75.chunk.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3d1bbf9c32551609d027c03f8aace8ddd82d4f65432f12f2347695adfc269449
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
7QYSq7Uk4LrWvbo.MJwI_wg_nDEeAIid
date
Tue, 26 Mar 2024 16:11:31 GMT
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
11
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
385
last-modified
Fri, 22 Mar 2024 21:02:43 GMT
server
AmazonS3
etag
"d6bbb71a9f203774e285d6b25cd85de1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
eGThdhxjawFJ-BdPYoNtwxuyDtuScXmCcyFBDzkbTyBLIyusnJAAEA==
Background__1_.svg
images.ctfassets.net/v3n26e09qg2r/6qeb3sadhRpzG2busvI8hq/762af519fc2121c49141dd3f6cf2fd25/
5 KB
3 KB
Image
General
Full URL
https://images.ctfassets.net/v3n26e09qg2r/6qeb3sadhRpzG2busvI8hq/762af519fc2121c49141dd3f6cf2fd25/Background__1_.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:4200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Contentful Images API /
Resource Hash
bd12a9ad8bb6aea5099b4c95892ea2db94c807c85ab4c955cbc02c39765e0966

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 08:47:02 GMT
content-encoding
gzip
via
1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
last-modified
Tue, 17 May 2022 17:40:15 GMT
server
Contentful Images API
x-amz-cf-pop
MUC50-P3
age
26674
etag
W/"525fb2babbb97a5994b62ae0cf2b4d84"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-id
4FFP_NH1Lit5lcnJLjIbW0h2pBmlQaIJJrLHYV1xBtQhBpTF2iqxrw==
rgstr
events.statsigapi.net/v1/
16 B
90 B
Fetch
General
Full URL
https://events.statsigapi.net/v1/rgstr
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff,nosniff;
X-Frame-Options SAMEORIGIN

Request headers

STATSIG-CLIENT-TIME
1711469495889
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
STATSIG-API-KEY
client-AUIlYXXKCk5oO6j4J0DNeuR6LqIlquA0NmvGclKDUS9
STATSIG-SDK-VERSION
1.22.0
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/json; charset=UTF-8
Referer
https://checkout.headspace.com/
STATSIG-ENCODED
0
STATSIG-SDK-TYPE
react-client
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
0 ms
date
Tue, 26 Mar 2024 16:11:35 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors *.statsig.com
x-content-type-options
nosniff,nosniff;
x-frame-options
SAMEORIGIN
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
headspace-logo.svg
images.ctfassets.net/v3n26e09qg2r/7CSyedyArzTd5GP9LiuL78/f5a303f777ee3691a8ddfd5d36a7d591/
5 KB
2 KB
Image
General
Full URL
https://images.ctfassets.net/v3n26e09qg2r/7CSyedyArzTd5GP9LiuL78/f5a303f777ee3691a8ddfd5d36a7d591/headspace-logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:4200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Contentful Images API /
Resource Hash
c413c881bee8925008df8f6d9c2ca47233e8e57bfb88f0a3c7c660557a41f65c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 02:09:35 GMT
content-encoding
gzip
via
1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
last-modified
Thu, 05 Nov 2020 22:59:07 GMT
server
Contentful Images API
x-amz-cf-pop
MUC50-P3
age
50521
etag
W/"3fa3c755b534a4d6c064397fc0e6ba6b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-id
Oyj9bdSm63EZdzvujkQTAgxWDhQ3WtxyS6PbDvpiBpLQnJrD5UoJoA==
CheckoutMarkdownFormFieldModule.62a9907b.chunk.js
checkout.headspace.com/static/js/
932 B
1 KB
Script
General
Full URL
https://checkout.headspace.com/static/js/CheckoutMarkdownFormFieldModule.62a9907b.chunk.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
75889f2060c9bcc80feee1baef3f2e8ce06c28f96e250a5cc063f1abf60e8136
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
o..fh5tINfsluL3CDO6al_sTFRPy4tNx
date
Tue, 26 Mar 2024 16:11:31 GMT
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
10
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
932
last-modified
Fri, 22 Mar 2024 21:02:43 GMT
server
AmazonS3
etag
"816643a7b2f0c0267d9ebc2c31081e4e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
cg8CHFgCTIi1mbqFc0T28ZxwiBKKlW9aCglfmI6emSu5Qznm6l-Zeg==
CheckoutListModule.feaecf43.chunk.js
checkout.headspace.com/static/js/
2 KB
1 KB
Script
General
Full URL
https://checkout.headspace.com/static/js/CheckoutListModule.feaecf43.chunk.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
099688c0d01cf35e651f32603a9ca7aeffeeecfcb3e0d3396731dda46f062999
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
gfMxQv1iky_DYm5F0ZJKrG_wpg57WRh0
content-encoding
gzip
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 16:11:31 GMT
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
10
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 22 Mar 2024 21:02:43 GMT
server
AmazonS3
etag
W/"b62c4a980f96dfe1e4c6f5f4c5e77b18"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
6AE4mWMjnNYXkjzJM1kFkB7ba0B74VnIsLh_jL9IavoJy8fNJowJ-Q==
CheckoutAuthenticationFormModule.d2e81b7e.chunk.js
checkout.headspace.com/static/js/
3 KB
2 KB
Script
General
Full URL
https://checkout.headspace.com/static/js/CheckoutAuthenticationFormModule.d2e81b7e.chunk.js
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-90.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f3427bc74c7330d50082c09096861d27c64cdcf5bc6fa688e20f137c8cdc062d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
ViZuNzrLsSNZGbAz4NMaSIDmtEQzULUT
content-encoding
gzip
via
1.1 99a7400285d83f528f50f54d665628e2.cloudfront.net (CloudFront)
date
Tue, 26 Mar 2024 16:11:31 GMT
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P4
age
10
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 22 Mar 2024 21:02:43 GMT
server
AmazonS3
etag
W/"2f7af0e7402be77dab12ecf2bc8ba102"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
On4-gW9RByS_12D_ufzmN8aL1NEwcjlv7vCTQ-V_RYKUEQhb_Celmw==
rgstr
events.statsigapi.net/v1/
0
0
Preflight
General
Full URL
https://events.statsigapi.net/v1/rgstr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff,nosniff;
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,statsig-api-key,statsig-client-time,statsig-encoded,statsig-sdk-type,statsig-sdk-version
Access-Control-Request-Method
POST
Origin
https://checkout.headspace.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,statsig-api-key,statsig-client-time,statsig-encoded,statsig-sdk-type,statsig-sdk-version
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
7200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-security-policy
frame-ancestors *.statsig.com
date
Tue, 26 Mar 2024 16:11:35 GMT
permissions-policy
interest-cohort=()
referrer-policy
strict-origin-when-cross-origin
via
1.1 google
x-content-type-options
nosniff,nosniff;
x-frame-options
SAMEORIGIN
x-response-time
0 ms
pageview
api2.branch.io/v1/
29 B
350 B
XHR
General
Full URL
https://api2.branch.io/v1/pageview
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:4400:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Branch
Resource Hash
c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 26 Mar 2024 16:11:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 94313a5530517e71f4769858ce013d58.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
x-powered-by
Branch
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-length
29
x-amz-cf-id
qG4Ty5cJ5-aYPJpoRs7I31qKE_zUMlKfvNK0y4fB_kykcElee9autg==
destination
www.googletagmanager.com/gtag/
301 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=G-03GR1D2D0N&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
299c3ceea51ec1b3782dbb427b79cac7f058bfdfb28a1f2665c48b8bde321145
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 16:11:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
98989
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 26 Mar 2024 16:11:36 GMT
privacyoptions.svg
images.ctfassets.net/v3n26e09qg2r/7HWy4l0Kawd4lCCNr1VdMA/db1a655fbf86aafad316205303fbe712/
2 KB
1 KB
Image
General
Full URL
https://images.ctfassets.net/v3n26e09qg2r/7HWy4l0Kawd4lCCNr1VdMA/db1a655fbf86aafad316205303fbe712/privacyoptions.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:4200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Contentful Images API /
Resource Hash
86f2eb97cc1f3909c12e4512de9e267215d94ac5aaee9393d0f007f18c34e8ba

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 05:19:48 GMT
content-encoding
gzip
via
1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
last-modified
Tue, 21 Nov 2023 15:15:57 GMT
server
Contentful Images API
x-amz-cf-pop
MUC50-P3
age
39109
etag
W/"8051dee1dd72e78a9528a16c062cff66"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-id
cUec1V6YBJNF7B7uwC59ReQ1cjkIlYDWsMRzm_Yi5YdurcUnbDBiNQ==
privacyoptions.svg
images.ctfassets.net/v3n26e09qg2r/7HWy4l0Kawd4lCCNr1VdMA/db1a655fbf86aafad316205303fbe712/
2 KB
1 KB
Image
General
Full URL
https://images.ctfassets.net/v3n26e09qg2r/7HWy4l0Kawd4lCCNr1VdMA/db1a655fbf86aafad316205303fbe712/privacyoptions.svg
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:4200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Contentful Images API /
Resource Hash
86f2eb97cc1f3909c12e4512de9e267215d94ac5aaee9393d0f007f18c34e8ba

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 05:19:48 GMT
content-encoding
gzip
via
1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
last-modified
Tue, 21 Nov 2023 15:15:57 GMT
server
Contentful Images API
x-amz-cf-pop
MUC50-P3
age
39109
etag
W/"8051dee1dd72e78a9528a16c062cff66"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-id
XZyPk9eIBdx0RqeQZMmLYiiT4F_XHRFWL0hpTDjzuD9CdXZVq1DrTw==
collect
region1.analytics.google.com/g/
0
258 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-03GR1D2D0N&gtm=45je43p0v873746112z876838675za200&_p=1711469495155&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1708228936.1711469496&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.58%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.58&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1711469496&sct=1&seg=0&dl=https%3A%2F%2Fcheckout.headspace.com%2Fcheckout%3FvoucherCode%3DB2C14DANNUAL2022&dt=Checkout%20-%20Headspace&en=customGtmEvent&_fv=1&_ss=1&ep.Category=initiate_checkout&tfd=1287
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-03GR1D2D0N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 26 Mar 2024 16:11:36 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://checkout.headspace.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
258 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-03GR1D2D0N&cid=1708228936.1711469496&gtm=45je43p0v873746112z876838675za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-03GR1D2D0N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 26 Mar 2024 16:11:36 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://checkout.headspace.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-03GR1D2D0N&cid=1708228936.1711469496&gtm=45je43p0v873746112z876838675za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1317221981
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 26 Mar 2024 16:11:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rgstr
events.statsigapi.net/v1/
16 B
36 B
Fetch
General
Full URL
https://events.statsigapi.net/v1/rgstr
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff,nosniff;
X-Frame-Options SAMEORIGIN

Request headers

STATSIG-CLIENT-TIME
1711469496386
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
STATSIG-API-KEY
client-AUIlYXXKCk5oO6j4J0DNeuR6LqIlquA0NmvGclKDUS9
STATSIG-SDK-VERSION
1.22.0
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/json; charset=UTF-8
Referer
https://checkout.headspace.com/
STATSIG-ENCODED
0
STATSIG-SDK-TYPE
react-client
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
0 ms
date
Tue, 26 Mar 2024 16:11:36 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors *.statsig.com
x-content-type-options
nosniff,nosniff;
x-frame-options
SAMEORIGIN
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
rgstr
events.statsigapi.net/v1/
0
0
Preflight
General
Full URL
https://events.statsigapi.net/v1/rgstr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff,nosniff;
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,statsig-api-key,statsig-client-time,statsig-encoded,statsig-sdk-type,statsig-sdk-version
Access-Control-Request-Method
POST
Origin
https://checkout.headspace.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,statsig-api-key,statsig-client-time,statsig-encoded,statsig-sdk-type,statsig-sdk-version
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
7200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-security-policy
frame-ancestors *.statsig.com
date
Tue, 26 Mar 2024 16:11:35 GMT
permissions-policy
interest-cohort=()
referrer-policy
strict-origin-when-cross-origin
via
1.1 google
x-content-type-options
nosniff,nosniff;
x-frame-options
SAMEORIGIN
x-response-time
0 ms
/
o28532.ingest.sentry.io/api/5236455/envelope/
41 B
339 B
Fetch
General
Full URL
https://o28532.ingest.sentry.io/api/5236455/envelope/?sentry_key=d197367d8c0942939150295428374805&sentry_version=7&sentry_client=sentry.javascript.react%2F7.74.1
Requested by
Host: checkout.headspace.com
URL: https://checkout.headspace.com/static/js/main.fa96435c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
683a3d14e1ae014d93177d58cc93f038a868cee333a55896454be066ab72f3bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://checkout.headspace.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 26 Mar 2024 16:11:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onpagereveal object| OneTrustStub function| OptanonWrapper object| HEADSPACE_APP_CONFIG object| dataLayer string| ire_o function| ire object| webpackChunk_headspace_web_checkout object| __SENTRY__ string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| irEvent object| mParticle function| __STATSIG_SDK__ function| __STATSIG_RERENDER_OVERRIDE__ object| AmplitudeInitSettings object| google_tag_manager object| google_tag_data object| Optanon object| OneTrust object| mpGoogleAnalyticsKit object| mpAmplitudeKit object| BranchMetricsKit string| GoogleAnalyticsObject function| ga object| amplitude object| branch string| __z_version string| ifrmId boolean| threedRedirected object| ZLOG object| ZXD object| Z object| ZFB object| __sentry_instrumentation_handlers__ object| analyticsConnectorInstances object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady

12 Cookies

Domain/Path Name / Value
.headspace.com/ Name: lang
Value: en
.headspace.com/ Name: countryCode
Value: DE
.headspace.com/ Name: hsDeviceId
Value: 9c212691-a7cc-41b0-a09b-68ff4c4b1618
.headspace.com/ Name: OTVariant
Value: 018e5333-5157-7675-9e7c-a64641b3224f
.headspace.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Tue+Mar+26+2024+17%3A11%3A35+GMT%2B0100+(Central+European+Standard+Time)&version=202312.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=aadc9393-7844-48cc-adce-db64fd0bd68b&interactionCount=0&landingPath=https%3A%2F%2Fcheckout.headspace.com%2Fcheckout%3FvoucherCode%3DB2C14DANNUAL2022&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.headspace.com/ Name: amp_2c0e8b
Value: 9c212691-a7cc-41b0-a09b-68ff4c4b1618...1hptog18d.1hptog18d.0.0.0
.checkout.headspace.com/ Name: _ga
Value: GA1.3.1708228936.1711469496
.checkout.headspace.com/ Name: _gid
Value: GA1.3.1607984956.1711469496
.headspace.com/ Name: mprtcl-v4_B0C8D5EC
Value: {'gs':{'ie':1|'dt':'BxazLKm8649buJbWBLWXt2Pw7bfin6qB'|'cgid':'4e30f68f-aa5d-4d55-e4e5-ad7d24c7db2d'|'das':'a9fe3518-f673-4ff7-9d6c-bd7da78a02a3'|'csm':'WyI4Njc3OTU0MDI4MjUwNzc1MDc5Il0='|'sid':'0519B00E-49D8-4DB3-52BA-EEFE2F0309AE'|'les':1711469495507|'ssd':1711469495506}|'l':0|'8677954028250775079':{'fst':1711469495686}|'cu':'8677954028250775079'}
.app.link/ Name: _s
Value: KISxWvy2PUkr82mfwbs2p6rSF0U4c3LZZB4yloi8gvJt5%2BTjdpHpoZsLQmd6bysx
.headspace.com/ Name: _ga
Value: GA1.1.1708228936.1711469496
.headspace.com/ Name: _ga_03GR1D2D0N
Value: GS1.1.1711469496.1.0.1711469496.60.0.0

2 Console Messages

Source Level URL
Text
other warning URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
recommendation verbose URL: https://checkout.headspace.com/checkout?voucherCode=B2C14DANNUAL2022
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.prod.headspace.com
api2.branch.io
app.link
cdn.amplitude.com
cdn.branch.io
cdn.contentful.com
cdn.cookielaw.org
checkout.headspace.com
d.impactradius-event.com
events.statsigapi.net
featuregates.org
geolocation.onetrust.com
identity.mparticle.com
images.ctfassets.net
jssdkcdns.mparticle.com
jssdks.mparticle.com
location.prod.headspace.com
o28532.ingest.sentry.io
region1.analytics.google.com
static.headspace.com
static.zuora.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.de
www.googletagmanager.com
13.33.158.75
142.250.181.227
146.75.122.49
18.173.154.63
18.173.187.90
18.245.31.21
18.245.31.88
2001:4860:4802:34::36
2600:9000:2057:c800:19:9934:6a80:93a1
2600:9000:2240:e000:8:7fab:4640:93a1
2600:9000:26db:4200:12:94b3:c380:93a1
2600:9000:26db:4400:11:f728:3040:93a1
2606:4700:4400::ac40:9b77
2606:4700::6813:b134
2a00:1450:4001:803::200e
2a00:1450:4001:82a::2008
2a00:1450:400c:c1d::9b
2a04:4e42:200::645
2a04:4e42::645
34.120.195.249
34.128.128.0
35.186.249.72
52.222.139.118
00f84be31139ab805b4ce8a9f84a7896a0340540422d3cd89f380ef06bf40431
0864aefde3b450e53f715f262f27ca2964a40fd3d2dbf2e74fc24de0761e9918
099688c0d01cf35e651f32603a9ca7aeffeeecfcb3e0d3396731dda46f062999
1070247e775c71cf7d3ca5de77dade46e7cd9b71358c7e170444cea874877816
10ae63182da842853e8f59bb9c6e7ff1301b26357964a54bde7ce8687a6427e9
1bb6adcafcaad9be931b3737b65dcde7ea3bc2ff0d16cd2757b766397c471428
22ef215519993c3fa3fe6f6ee1a39f3c30b359947bee7a119a81181068f4fd08
24bb040bb29b5abb54c5f2c4eebb21393146d71164e781c98689f02ab9a4bf60
299c3ceea51ec1b3782dbb427b79cac7f058bfdfb28a1f2665c48b8bde321145
2efb5565ddedf0ba1660a52a6f02b284022030f0b4855dc5e6aad1ace830ab96
3d1bbf9c32551609d027c03f8aace8ddd82d4f65432f12f2347695adfc269449
410bda17f844aee254e3e02763989267aeb40541e13c515c5b5a59232a9babcb
504d1cff280d5006f70a0adad442ee38aee4b919b7f693e6f2daee463e2ece52
57e7c931fbc93c6e8f4dadcb4a3d39e4e4ca32606a1b00fee4d4794c3fbc1c0c
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
683a3d14e1ae014d93177d58cc93f038a868cee333a55896454be066ab72f3bd
68a8ca1ebf10a53e893706799708e1f5978ad07ca9e2ae7c2fb22da7d09891a3
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
75889f2060c9bcc80feee1baef3f2e8ce06c28f96e250a5cc063f1abf60e8136
76dacaa24c152bd3b6391b7d3091ed52db541180c21004050ff17302debc27cb
772883ecf9afa599201ea005538d116888213462dc9f3d14fb4cf20435655aff
80262a24efe680f6d7af777ae4636f12e1108ca14fb37387e1328776e04c8011
814339b86941528739440e0b46e17e22c3e956e5de629ee018650fa87e5d2894
82eb864ea404a2e7ed6776aa69dc1787db08152bc4f8d68bc2bc0d0178e8af40
86f2eb97cc1f3909c12e4512de9e267215d94ac5aaee9393d0f007f18c34e8ba
87aaed2d8d5865919a7d47599e96ae997be1f7c4d9349e5cabecf1da5818e622
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
9327537ba45096af333860b7275eb1c169de00046e1c4bd167afd1654558ccc2
9447ee4832fed751af63a62823103a2373a83499c6abf003e1425bcb976be29d
95285007eeda811cc6935e25d37ecde805957a74ba17cbbaa4c62b2c1ec602c0
99abf66fcffd8b47b231ab3ebe8236df3a3f5873a431d103700799309020fffd
9a811246367093979c01fc9ea67e8db8c1b1e5abbd10fd669d6de163702c942b
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
b369becf0ba37f90d6a988dcfa96da0b32f2aed2c828e20ddd17904d31eb402d
b6000d96b12bcecb61868b4d35c36a070d55d48532966dedaf93510db10f3113
bd12a9ad8bb6aea5099b4c95892ea2db94c807c85ab4c955cbc02c39765e0966
bd93d4ea03105303b32615b55d3281f02d3175c8b9e9175ce65caca03cd123a6
c1da61c8de4b4a8c6a2de33e434a611b688423c7b082385b90c753caa04b2e58
c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa
c413c881bee8925008df8f6d9c2ca47233e8e57bfb88f0a3c7c660557a41f65c
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e05e2939b5b791cf4accd8146146cb9bc11d79f24cfd74292b6e0f7a133564db
e135a470457bf253de7d5d7550cb1de073b8fe422c4912edd148c663c25d48ec
e2fe914e9503c927fa358f7c3d8426ab69f9c757f807b30143201b305375e647
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e83d3dd3d510196ff11d9935f580e3748a95de98a820404472bea575bdb40bcf
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3427bc74c7330d50082c09096861d27c64cdcf5bc6fa688e20f137c8cdc062d
f4d34508fe876421cc7805046fae63ca51e8af2ad16536c62594966162771350
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b