Submitted URL: https://www.cahoot.com/security_and_privacy
Effective URL: https://www.cahoot.com/online-banking/security-and-privacy
Submission: On May 14 via api from CH

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 25 HTTP transactions. The main IP is 2a02:26f0:120::5435:8c22, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.cahoot.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on May 18th 2020. Valid for: a year.
This is the only time www.cahoot.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 13 2a02:26f0:120... 20940 (AKAMAI-ASN1)
3 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 4 34.246.133.154 16509 (AMAZON-02)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 15.237.76.117 16509 (AMAZON-02)
1 1 34.255.166.243 16509 (AMAZON-02)
4 2606:4700:10:... 13335 (CLOUDFLAR...)
1 52.17.73.77 16509 (AMAZON-02)
25 7
Domain Requested by
13 www.cahoot.com 1 redirects www.cahoot.com
6 cdn-ukwest.onetrust.com assets.adobedtm.com
cdn-ukwest.onetrust.com
4 dpm.demdex.net 2 redirects www.cahoot.com
3 assets.adobedtm.com www.cahoot.com
assets.adobedtm.com
1 santander.demdex.net assets.adobedtm.com
1 cm.everesttech.net 1 redirects
1 smetrics.santander.co.uk assets.adobedtm.com
25 7
Subject Issuer Validity Valid
www.cahoot.com
Entrust Certification Authority - L1M
2020-05-18 -
2021-06-21
a year crt.sh
assets.adobedtm.com
DigiCert TLS RSA SHA256 2020 CA1
2021-01-08 -
2021-09-30
9 months crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1
2020-12-02 -
2022-01-02
a year crt.sh
*.onetrust.com
DigiCert SHA2 Secure Server CA
2020-05-21 -
2022-07-27
2 years crt.sh
smetrics.santander.co.uk
DigiCert TLS RSA SHA256 2020 CA1
2021-02-01 -
2022-03-04
a year crt.sh

This page contains 2 frames:

Primary Page: https://www.cahoot.com/online-banking/security-and-privacy
Frame ID: BA96AE1EF0EDC3F1E37B31F95FEFBDBC
Requests: 24 HTTP requests in this frame

Frame: https://santander.demdex.net/dest5.html?d_nsid=0
Frame ID: AD933F3DDB39FDA1131F974579ED4FB2
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://www.cahoot.com/security_and_privacy HTTP 301
    https://www.cahoot.com/online-banking/security-and-privacy Page URL

Page Statistics

25
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

7
Subdomains

7
IPs

4
Countries

494 kB
Transfer

1706 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.cahoot.com/security_and_privacy HTTP 301
    https://www.cahoot.com/online-banking/security-and-privacy Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9C3940D7546235980A4C98A2%40AdobeOrg&d_nsid=0&ts=1620954162601 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9C3940D7546235980A4C98A2%40AdobeOrg&d_nsid=0&ts=1620954162601
Request Chain 13
  • https://cm.everesttech.net/cm/dd?d_uuid=24050267118350048081351077690078692399 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YJ3MMwAAAB_Qrx0T HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YJ3MMwAAAB_Qrx0T

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request security-and-privacy
www.cahoot.com/online-banking/
Redirect Chain
  • https://www.cahoot.com/security_and_privacy
  • https://www.cahoot.com/online-banking/security-and-privacy
58 KB
18 KB
Document
General
Full URL
https://www.cahoot.com/online-banking/security-and-privacy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4ea9d1563dc20fecb6f7ea00f949e2a8ed86134ee8bc4b445bb14fcb0d39b92b
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.cahoot.com
:scheme
https
:path
/online-banking/security-and-privacy
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
x-ua-compatible
IE=edge
content-language
en
last-modified
Sat, 08 May 2021 12:18:03 GMT
etag
W/"1620476283"
x-xss-protection
1; mode=block
content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
content-encoding
gzip
content-length
16994
expires
Fri, 14 May 2021 01:02:42 GMT
date
Fri, 14 May 2021 01:02:42 GMT
vary
Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
strict-transport-security
max-age= 31536000
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

content-type
text/html
content-length
162
location
https://www.cahoot.com/online-banking/security-and-privacy
x-xss-protection
1; mode=block
content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
date
Fri, 14 May 2021 01:02:42 GMT
cache-control
no-cache, no-store, must-revalidate
strict-transport-security
max-age= 31536000
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
launch-b5d6b8e3ce0d.min.js
assets.adobedtm.com/4551817ae31c/6b3338b02191/
168 KB
48 KB
Script
General
Full URL
https://assets.adobedtm.com/4551817ae31c/6b3338b02191/launch-b5d6b8e3ce0d.min.js
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
195e8474ae4fa8f2f0b4b4a30c42117ce76fd27565638d418712c18a220573d1

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 14 May 2021 01:02:42 GMT
content-encoding
gzip
last-modified
Wed, 17 Feb 2021 22:57:09 GMT
server
AkamaiNetStorage
etag
"40f3dd77b5ae7be2fab47436927a22d9:1613602629.036531"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.cahoot.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
48497
expires
Fri, 14 May 2021 02:02:42 GMT
css_KvUkp9uUQK1_G9G8PRoUYlpzHicqiCsc1QRkUKxa2BI.css
www.cahoot.com/assets/s3fs-public/css/
24 KB
6 KB
Stylesheet
General
Full URL
https://www.cahoot.com/assets/s3fs-public/css/css_KvUkp9uUQK1_G9G8PRoUYlpzHicqiCsc1QRkUKxa2BI.css
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2af524a7db9440ad7f1bd1bc3d1a14625a731e272a882b1cd5046450ac5ad812
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/s3fs-public/css/css_KvUkp9uUQK1_G9G8PRoUYlpzHicqiCsc1QRkUKxa2BI.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.cahoot.com
referer
https://www.cahoot.com/online-banking/security-and-privacy
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cahoot.com/online-banking/security-and-privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 17 Feb 2021 23:00:07 GMT
etag
W/"d78ec34e0ef8adbbd62e0d385f9a7da9"
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:42 GMT
strict-transport-security
max-age= 31536000
vary
Accept-Encoding
content-length
4637
x-content-type-options
nosniff
css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
www.cahoot.com/assets/s3fs-public/css/
382 KB
61 KB
Stylesheet
General
Full URL
https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a7ea25bc821c36364ca5da1382bc4bb94250790f9647e75838eadf4339dbbd43
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.cahoot.com
referer
https://www.cahoot.com/online-banking/security-and-privacy
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cahoot.com/online-banking/security-and-privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 17 Feb 2021 22:49:54 GMT
etag
W/"a3455d0dfdb77fdaf7cb599c81d5effc"
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:42 GMT
strict-transport-security
max-age= 31536000
vary
Accept-Encoding
content-length
60781
x-content-type-options
nosniff
table_full_width-c31d6f1b7cb933dde8936a756c6db570.css
www.cahoot.com/assets/s3fs-public/asset_injector/css/
1 KB
2 KB
Stylesheet
General
Full URL
https://www.cahoot.com/assets/s3fs-public/asset_injector/css/table_full_width-c31d6f1b7cb933dde8936a756c6db570.css?qrxrgd
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a9d67f1273114b8677a0cbc14455b067c515280089e21cc5a4f9d7170a345ff8
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/s3fs-public/asset_injector/css/table_full_width-c31d6f1b7cb933dde8936a756c6db570.css?qrxrgd
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.cahoot.com
referer
https://www.cahoot.com/online-banking/security-and-privacy
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cahoot.com/online-banking/security-and-privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 21 Apr 2021 22:57:26 GMT
etag
W/"c31d6f1b7cb933dde8936a756c6db570"
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:42 GMT
strict-transport-security
max-age= 31536000
vary
Accept-Encoding
content-length
335
x-content-type-options
nosniff
logo.svg
www.cahoot.com/themes/custom/santander_cahoot/
4 KB
3 KB
Image
General
Full URL
https://www.cahoot.com/themes/custom/santander_cahoot/logo.svg
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f23f72aa451e42b478c4251e63eba8b802bc173db5e4969b0ecf2a1557d5fa45
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/themes/custom/santander_cahoot/logo.svg
pragma
no-cache
cookie
AMCV_9C3940D7546235980A4C98A2%40AdobeOrg=-637568504%7CMCIDTS%7C18762%7CvVersion%7C5.1.1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cahoot.com
referer
https://www.cahoot.com/online-banking/security-and-privacy
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cahoot.com/online-banking/security-and-privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 20 Apr 2021 08:45:15 GMT
etag
W/"607e949b-1065"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:42 GMT
strict-transport-security
max-age= 31536000
vary
Accept-Encoding
content-length
1872
x-content-type-options
nosniff
green-icon.png
www.cahoot.com/assets/s3fs-public/styles/thumbnail/public/
1 KB
3 KB
Image
General
Full URL
https://www.cahoot.com/assets/s3fs-public/styles/thumbnail/public/green-icon.png?itok=X7VRouyi
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3c2e85c399e1efa3820289c57470ca4c20ac913a5bed58a15b0b5dc8e704db18
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/s3fs-public/styles/thumbnail/public/green-icon.png?itok=X7VRouyi
pragma
no-cache
cookie
AMCV_9C3940D7546235980A4C98A2%40AdobeOrg=-637568504%7CMCIDTS%7C18762%7CvVersion%7C5.1.1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cahoot.com
referer
https://www.cahoot.com/online-banking/security-and-privacy
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cahoot.com/online-banking/security-and-privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 12 Jul 2019 07:14:28 GMT
etag
"1a314bf87341c358a6da5f688a174377"
x-frame-options
SAMEORIGIN
content-type
image/png
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:42 GMT
strict-transport-security
max-age= 31536000
content-length
1518
x-content-type-options
nosniff
grey-icon.png
www.cahoot.com/assets/s3fs-public/styles/thumbnail/public/
1 KB
2 KB
Image
General
Full URL
https://www.cahoot.com/assets/s3fs-public/styles/thumbnail/public/grey-icon.png?itok=SRtfwMyq
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2a75d14f75b135b68ad6d2770eafc370e886fa901467842e98371cb8cb5eb0d7
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/s3fs-public/styles/thumbnail/public/grey-icon.png?itok=SRtfwMyq
pragma
no-cache
cookie
AMCV_9C3940D7546235980A4C98A2%40AdobeOrg=-637568504%7CMCIDTS%7C18762%7CvVersion%7C5.1.1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cahoot.com
referer
https://www.cahoot.com/online-banking/security-and-privacy
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cahoot.com/online-banking/security-and-privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 12 Jul 2019 07:19:31 GMT
etag
"eea0655e13f954c280d9586dafca11d6"
x-frame-options
SAMEORIGIN
content-type
image/png
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:42 GMT
strict-transport-security
max-age= 31536000
content-length
1230
x-content-type-options
nosniff
js_4e6jhzKFhJHLZURccYufrctKw9FcLLGt2g19kC-bMfE.js
www.cahoot.com/assets/s3fs-public/js/
408 KB
110 KB
Script
General
Full URL
https://www.cahoot.com/assets/s3fs-public/js/js_4e6jhzKFhJHLZURccYufrctKw9FcLLGt2g19kC-bMfE.js
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e1eea38732858491cb65445c718b9fadcb4ac3d15c2cb1adda0d7d902f9b31f1
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/assets/s3fs-public/js/js_4e6jhzKFhJHLZURccYufrctKw9FcLLGt2g19kC-bMfE.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.cahoot.com
referer
https://www.cahoot.com/online-banking/security-and-privacy
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cahoot.com/online-banking/security-and-privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 20 Jan 2021 22:55:44 GMT
etag
"c3b1e0c13890f7cf04656ae85bdba2bd"
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:42 GMT
strict-transport-security
max-age= 31536000
vary
Accept-Encoding
content-length
111148
x-content-type-options
nosniff
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9C3940D7546235980A4C98A2%40AdobeOrg&d_nsid=0&ts=1620954162601
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9C3940D7546235980A4C98A2%40AdobeOrg&d_nsid=0&ts=1620954162601
368 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9C3940D7546235980A4C98A2%40AdobeOrg&d_nsid=0&ts=1620954162601
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.246.133.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-246-133-154.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
09b4b54fac7cbad63127a81715fe835e6edb57dec6f7a91cae4a75c4485fffab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v006-02482ec7b.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
WtLFRzBHRD8=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.cahoot.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
309
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-2-v006-090c37ff1.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://www.cahoot.com
X-TID
Y4aViITuTdo=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9C3940D7546235980A4C98A2%40AdobeOrg&d_nsid=0&ts=1620954162601
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/
33 KB
12 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4551817ae31c/6b3338b02191/launch-b5d6b8e3ce0d.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 14 May 2021 01:02:42 GMT
content-encoding
gzip
last-modified
Wed, 12 Aug 2020 22:09:52 GMT
server
AkamaiNetStorage
etag
"f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.cahoot.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12184
expires
Fri, 14 May 2021 02:02:42 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4551817ae31c/6b3338b02191/launch-b5d6b8e3ce0d.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0486530f1e98818865754a08e1b5442ac5a6a36a6bf6042e3b3338a532e998d2

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 14 May 2021 01:02:43 GMT
content-encoding
gzip
last-modified
Wed, 12 Aug 2020 22:09:52 GMT
server
AkamaiNetStorage
etag
"5dedcda2c8a6c3a51fd419d306427010:1597270192.857753"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.cahoot.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1594
expires
Fri, 14 May 2021 02:02:43 GMT
otSDKStub.js
cdn-ukwest.onetrust.com/scripttemplates/
17 KB
6 KB
Script
General
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4551817ae31c/6b3338b02191/launch-b5d6b8e3ce0d.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40f12e335914950b4f2058dbcbbee727f3f7542399ec6b2e98256480ea91aa49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 14 May 2021 01:02:42 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
jSkN56qNMXaDzbRwUxPUng==
age
3510
content-length
5801
cf-request-id
0a09febdd000004e0d4c364000000001
x-ms-lease-status
unlocked
last-modified
Tue, 27 Apr 2021 21:19:23 GMT
server
cloudflare
etag
0x8D909C220F323C7
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
c93e11d2-301e-0048-23f0-471606000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
64f033dc8a5f4e0d-FRA
id
smetrics.santander.co.uk/
48 B
515 B
XHR
General
Full URL
https://smetrics.santander.co.uk/id?d_visid_ver=5.1.1&d_fieldgroup=A&mcorgid=9C3940D7546235980A4C98A2%40AdobeOrg&mid=24079363489510754201348006029100716539&ts=1620954162894
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4551817ae31c/6b3338b02191/launch-b5d6b8e3ce0d.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.237.76.117 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-237-76-117.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
6e84c19129fd834dfb1874f6e67d5c56b28dffa62cc940af368f8d7651ae0021
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 14 May 2021 01:02:43 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-5cf7d864b8-gwmnf
vary
Origin
x-c
main-1471.Ib5710b.M0-493
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.cahoot.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
demconf.jpg
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=24050267118350048081351077690078692399
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YJ3MMwAAAB_Qrx0T
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YJ3MMwAAAB_Qrx0T
42 B
975 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YJ3MMwAAAB_Qrx0T
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/online-banking/security-and-privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.246.133.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-246-133-154.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v006-0d80e771e.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
XAPkgAxNSgg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-2-v006-0d80e771e.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
SLOuv3hFRVs=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YJ3MMwAAAB_Qrx0T
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
f10ba54f-bded-4520-8b9e-7d944c73e414.json
cdn-ukwest.onetrust.com/consent/f10ba54f-bded-4520-8b9e-7d944c73e414/
2 KB
2 KB
XHR
General
Full URL
https://cdn-ukwest.onetrust.com/consent/f10ba54f-bded-4520-8b9e-7d944c73e414/f10ba54f-bded-4520-8b9e-7d944c73e414.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba4c771ba8155bc160cb5f4eabcef8c93c01495fc7f679bb8de6ae894395b0ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 14 May 2021 01:02:43 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
qzWDyTBeWRHAiOThOObxQQ==
age
1906
content-length
1023
cf-request-id
0a09febf9300001782c2a28000000001
x-ms-lease-status
unlocked
last-modified
Wed, 01 Jul 2020 13:07:42 GMT
server
cloudflare
etag
0x8D81DBFBD10DD84
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
41effcc7-001e-004b-28f4-471501000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
64f033df4f781782-FRA
fscs-red.svg
www.cahoot.com/themes/custom/santander_vanilla/images/
17 KB
8 KB
Image
General
Full URL
https://www.cahoot.com/themes/custom/santander_vanilla/images/fscs-red.svg
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e37cb5f1bb02f42be0bdacf4decdbc5c7f914b420ed6e60219e938602f34c74f
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/themes/custom/santander_vanilla/images/fscs-red.svg
pragma
no-cache
cookie
AMCVS_9C3940D7546235980A4C98A2%40AdobeOrg=1; AMCV_9C3940D7546235980A4C98A2%40AdobeOrg=-637568504%7CMCIDTS%7C18762%7CMCMID%7C24079363489510754201348006029100716539%7CMCAAMLH-1621558962%7C6%7CMCAAMB-1621558962%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1620961362s%7CNONE%7CvVersion%7C5.1.1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cahoot.com
referer
https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 20 Apr 2021 08:45:15 GMT
etag
W/"607e949b-437f"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:43 GMT
strict-transport-security
max-age= 31536000
vary
Accept-Encoding
content-length
7133
x-content-type-options
nosniff
take-five.svg
www.cahoot.com/themes/custom/santander_vanilla/images/
16 KB
8 KB
Image
General
Full URL
https://www.cahoot.com/themes/custom/santander_vanilla/images/take-five.svg
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7b56d88ebc5fa76c8f0d740e3588519e9b52284c2ae110c1415fb83fa162a6c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/themes/custom/santander_vanilla/images/take-five.svg
pragma
no-cache
cookie
AMCVS_9C3940D7546235980A4C98A2%40AdobeOrg=1; AMCV_9C3940D7546235980A4C98A2%40AdobeOrg=-637568504%7CMCIDTS%7C18762%7CMCMID%7C24079363489510754201348006029100716539%7CMCAAMLH-1621558962%7C6%7CMCAAMB-1621558962%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1620961362s%7CNONE%7CvVersion%7C5.1.1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cahoot.com
referer
https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 20 Apr 2021 08:45:15 GMT
etag
W/"607e949b-3fc5"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:43 GMT
strict-transport-security
max-age= 31536000
vary
Accept-Encoding
content-length
7024
x-content-type-options
nosniff
SantanderText-Regular.woff2
www.cahoot.com/assets/s3fs-public/fonts/
46 KB
47 KB
Font
General
Full URL
https://www.cahoot.com/assets/s3fs-public/fonts/SantanderText-Regular.woff2
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://beaker.santanderuk.pre.corp https://*.cahoot.com https://santander.demdex.net 'unsafe-eval'; script-src 'self' 'unsafe-inline' https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://beaker.santanderuk.pre.corp https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://beaker.santanderuk.pre.corp https://dpm.demdex.net https://*.cahoot.com 'unsafe-eval'; img-src 'self' service.maxymiser.net 'unsafe-inline' https://beaker.santanderuk.pre.corp https://*.cahoot.com 'unsafe-eval' data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net 'unsafe-eval'; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://www.cahoot.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
AMCVS_9C3940D7546235980A4C98A2%40AdobeOrg=1; AMCV_9C3940D7546235980A4C98A2%40AdobeOrg=-637568504%7CMCIDTS%7C18762%7CMCMID%7C24079363489510754201348006029100716539%7CMCAAMLH-1621558962%7C6%7CMCAAMB-1621558962%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1620961362s%7CNONE%7CvVersion%7C5.1.1
:path
/assets/s3fs-public/fonts/SantanderText-Regular.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.cahoot.com
referer
https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://www.cahoot.com
Referer
https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://beaker.santanderuk.pre.corp https://*.cahoot.com https://santander.demdex.net 'unsafe-eval'; script-src 'self' 'unsafe-inline' https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://beaker.santanderuk.pre.corp https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://beaker.santanderuk.pre.corp https://dpm.demdex.net https://*.cahoot.com 'unsafe-eval'; img-src 'self' service.maxymiser.net 'unsafe-inline' https://beaker.santanderuk.pre.corp https://*.cahoot.com 'unsafe-eval' data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net 'unsafe-eval'; object-src 'self';
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 21 Jun 2019 14:44:58 GMT
etag
"b5c81b2c51684e71cf46ac7318611e90"
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:43 GMT
strict-transport-security
max-age= 31536000
content-length
46640
x-content-type-options
nosniff
SantanderHeadline-Rg.woff2
www.cahoot.com/assets/s3fs-public/fonts/
46 KB
47 KB
Font
General
Full URL
https://www.cahoot.com/assets/s3fs-public/fonts/SantanderHeadline-Rg.woff2
Requested by
Host: www.cahoot.com
URL: https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:120::5435:8c22 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8
Security Headers
Name Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://beaker.santanderuk.pre.corp https://*.cahoot.com https://santander.demdex.net 'unsafe-eval'; script-src 'self' 'unsafe-inline' https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://beaker.santanderuk.pre.corp https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://beaker.santanderuk.pre.corp https://dpm.demdex.net https://*.cahoot.com 'unsafe-eval'; img-src 'self' service.maxymiser.net 'unsafe-inline' https://beaker.santanderuk.pre.corp https://*.cahoot.com 'unsafe-eval' data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net 'unsafe-eval'; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://www.cahoot.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
AMCVS_9C3940D7546235980A4C98A2%40AdobeOrg=1; AMCV_9C3940D7546235980A4C98A2%40AdobeOrg=-637568504%7CMCIDTS%7C18762%7CMCMID%7C24079363489510754201348006029100716539%7CMCAAMLH-1621558962%7C6%7CMCAAMB-1621558962%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1620961362s%7CNONE%7CvVersion%7C5.1.1
:path
/assets/s3fs-public/fonts/SantanderHeadline-Rg.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.cahoot.com
referer
https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://www.cahoot.com
Referer
https://www.cahoot.com/assets/s3fs-public/css/css_p-olvIIcNjZMpdoTgrxLuUJQeQ-WR-dYOOrfQznbvUM.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://beaker.santanderuk.pre.corp https://*.cahoot.com https://santander.demdex.net 'unsafe-eval'; script-src 'self' 'unsafe-inline' https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://beaker.santanderuk.pre.corp https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://beaker.santanderuk.pre.corp https://dpm.demdex.net https://*.cahoot.com 'unsafe-eval'; img-src 'self' service.maxymiser.net 'unsafe-inline' https://beaker.santanderuk.pre.corp https://*.cahoot.com 'unsafe-eval' data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net 'unsafe-eval'; object-src 'self';
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 21 Jun 2019 14:44:57 GMT
etag
"7edeeb72b08ff9b8b0356514331a4cc4"
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, must-revalidate
date
Fri, 14 May 2021 01:02:43 GMT
strict-transport-security
max-age= 31536000
content-length
46788
x-content-type-options
nosniff
dest5.html
santander.demdex.net/ Frame AD93
7 KB
3 KB
Document
General
Full URL
https://santander.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4551817ae31c/6b3338b02191/launch-b5d6b8e3ce0d.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.73.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
santander.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.cahoot.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=24050267118350048081351077690078692399
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.cahoot.com/

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
Content-Type
text/html;charset=UTF-8
date
Fri, 14 May 2021 01:02:43 GMT
DCS
dcs-prod-irl1-1-v006-0f471412e.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Tue, 11 May 2021 11:18:09 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
vary
accept-encoding
X-TID
Id1DBIDVSlE=
Content-Length
2791
Connection
keep-alive
otBannerSdk.js
cdn-ukwest.onetrust.com/scripttemplates/6.2.0/
325 KB
73 KB
Script
General
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.2.0/otBannerSdk.js
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
614305ee414f9b73b89b32101c278293814beb310525293d2c24f35c1cd9de0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 14 May 2021 01:02:43 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
Faq6ojkjeFBEt00AhvcPjA==
age
2456
content-length
74051
cf-request-id
0a09fec16f00004e0d7b013000000001
x-ms-lease-status
unlocked
last-modified
Wed, 24 Jun 2020 21:26:27 GMT
server
cloudflare
etag
0x8D8188540DFE6C1
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
66a49321-301e-0025-02f0-47bc28000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
64f033e24a914e0d-FRA
en.json
cdn-ukwest.onetrust.com/consent/f10ba54f-bded-4520-8b9e-7d944c73e414/9a6a1490-0f2c-485f-8d71-7b79eac0c7ea/
29 KB
8 KB
Fetch
General
Full URL
https://cdn-ukwest.onetrust.com/consent/f10ba54f-bded-4520-8b9e-7d944c73e414/9a6a1490-0f2c-485f-8d71-7b79eac0c7ea/en.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d809dfe54606dfd4a979b80cac1a25b95867d04c7a443d39e78568b534bb36e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 14 May 2021 01:02:43 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
Jwp9zZ3WpLFltJKkOxm8Vg==
age
1906
content-length
7707
cf-request-id
0a09fec20900001782182de000000001
x-ms-lease-status
unlocked
last-modified
Wed, 01 Jul 2020 13:07:43 GMT
server
cloudflare
etag
0x8D81DBFBDEC09B7
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
92519be6-a01e-0002-21f4-472661000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
64f033e34b5a1782-FRA
otCenterRounded.json
cdn-ukwest.onetrust.com/scripttemplates/6.2.0/assets/
18 KB
3 KB
Fetch
General
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.2.0/assets/otCenterRounded.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d7925b6d4629b816065b4d6d58957d73768670a665416b4473da6a2b212ec09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 14 May 2021 01:02:43 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
icaffVBa9WOW+tc10GK/Qw==
age
1906
content-length
3126
cf-request-id
0a09fec244000017820bbfa000000001
x-ms-lease-status
unlocked
last-modified
Wed, 24 Jun 2020 21:26:16 GMT
server
cloudflare
etag
0x8D818853AC1299E
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
7959e003-501e-0017-69f4-47e4f8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
64f033e3abb51782-FRA
otPcCenter.json
cdn-ukwest.onetrust.com/scripttemplates/6.2.0/assets/
100 KB
21 KB
Fetch
General
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.2.0/assets/otPcCenter.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10ab566c9fb0560fc9b7690af2b2a06cb4ce5af583a6e9796d1ece57c702c5e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.cahoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 14 May 2021 01:02:43 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
khu7UrcWK2GuRVvI036GCQ==
age
1399
content-length
20976
cf-request-id
0a09fec25100001782a423b000000001
x-ms-lease-status
unlocked
last-modified
Wed, 24 Jun 2020 21:26:16 GMT
server
cloudflare
etag
0x8D818853AA732A6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
d603e2dd-801e-0015-29f4-47e602000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
64f033e3bbc71782-FRA

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| digitalData object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer function| OptanonWrapper function| cookiePreference function| _toConsumableArray object| Drupal undefined| $ function| jQuery function| _ object| drupalSettings object| defaults function| Attributes object| lazySizesConfig object| lazySizes object| otStubData function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq function| AppMeasurement_Module_ActivityMap object| Optanon object| OneTrust

4 Cookies

Domain/Path Name / Value
.cahoot.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Fri+May+14+2021+03%3A02%3A43+GMT%2B0200+(Central+European+Summer+Time)&version=6.2.0&landingPath=https%3A%2F%2Fwww.cahoot.com%2Fonline-banking%2Fsecurity-and-privacy
.demdex.net/ Name: demdex
Value: 32448499065964645093953842951624241114
.cahoot.com/ Name: AMCV_9C3940D7546235980A4C98A2%40AdobeOrg
Value: -637568504%7CMCIDTS%7C18762%7CMCMID%7C24079363489510754201348006029100716539%7CMCAAMLH-1621558962%7C6%7CMCAAMB-1621558962%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1620961363s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18769%7CvVersion%7C5.1.1
.cahoot.com/ Name: AMCVS_9C3940D7546235980A4C98A2%40AdobeOrg
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self';
Strict-Transport-Security max-age= 31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
cdn-ukwest.onetrust.com
cm.everesttech.net
dpm.demdex.net
santander.demdex.net
smetrics.santander.co.uk
www.cahoot.com
15.237.76.117
2606:4700:10::6814:b844
2606:4700:10::6814:b944
2a02:26f0:120::5435:8c22
2a02:26f0:6c00:28a::1e80
34.246.133.154
34.255.166.243
52.17.73.77
0486530f1e98818865754a08e1b5442ac5a6a36a6bf6042e3b3338a532e998d2
09b4b54fac7cbad63127a81715fe835e6edb57dec6f7a91cae4a75c4485fffab
10ab566c9fb0560fc9b7690af2b2a06cb4ce5af583a6e9796d1ece57c702c5e8
195e8474ae4fa8f2f0b4b4a30c42117ce76fd27565638d418712c18a220573d1
1d7925b6d4629b816065b4d6d58957d73768670a665416b4473da6a2b212ec09
2a75d14f75b135b68ad6d2770eafc370e886fa901467842e98371cb8cb5eb0d7
2af524a7db9440ad7f1bd1bc3d1a14625a731e272a882b1cd5046450ac5ad812
3c2e85c399e1efa3820289c57470ca4c20ac913a5bed58a15b0b5dc8e704db18
40f12e335914950b4f2058dbcbbee727f3f7542399ec6b2e98256480ea91aa49
4ea9d1563dc20fecb6f7ea00f949e2a8ed86134ee8bc4b445bb14fcb0d39b92b
535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8
5d809dfe54606dfd4a979b80cac1a25b95867d04c7a443d39e78568b534bb36e
614305ee414f9b73b89b32101c278293814beb310525293d2c24f35c1cd9de0a
6e84c19129fd834dfb1874f6e67d5c56b28dffa62cc940af368f8d7651ae0021
7b56d88ebc5fa76c8f0d740e3588519e9b52284c2ae110c1415fb83fa162a6c0
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
a7ea25bc821c36364ca5da1382bc4bb94250790f9647e75838eadf4339dbbd43
a9d67f1273114b8677a0cbc14455b067c515280089e21cc5a4f9d7170a345ff8
ba4c771ba8155bc160cb5f4eabcef8c93c01495fc7f679bb8de6ae894395b0ec
d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32
df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b
e1eea38732858491cb65445c718b9fadcb4ac3d15c2cb1adda0d7d902f9b31f1
e37cb5f1bb02f42be0bdacf4decdbc5c7f914b420ed6e60219e938602f34c74f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f23f72aa451e42b478c4251e63eba8b802bc173db5e4969b0ecf2a1557d5fa45