urlscan.io logo urlscan.io
SecurityTrails logo

starlingbank.perkbox.com Open in urlscan Pro
54.229.243.242  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ablink.notify.perkbox.com/ss/c/u001.Lvll106ju3SkAjx6b5tHbXJQdU7yXnI6zqLErhsg_0JKw8LoaqQenjabMx132XCWrqnr9BryGIMVpIAkEU9WAg...
Effective URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Submission: On July 14 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 5 countries across 11 domains to perform 43 HTTP transactions. The main IP is 54.229.243.242, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is starlingbank.perkbox.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 14th 2024. Valid for: a year.
This is the only time starlingbank.perkbox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:223... 16509 (AMAZON-02)
3 54.229.243.242 16509 (AMAZON-02)
21 13.224.189.16 16509 (AMAZON-02)
1 18.245.31.102 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 130.211.16.248 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.224.189.18 16509 (AMAZON-02)
5 18.245.86.68 16509 (AMAZON-02)
2 18.245.46.19 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 34.232.10.23 14618 (AMAZON-AES)
1 35.186.241.51 15169 (GOOGLE)
43 13
1    2600:9000:223c:1c00:4:5ba1:640:93a1 (United States)

ASN16509 (AMAZON-02, US)
ablink.notify.perkbox.com
3    54.229.243.242 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-243-242.eu-west-1.compute.amazonaws.com
starlingbank.perkbox.com
21    13.224.189.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-16.fra2.r.cloudfront.net
cdn.perkbox.com
1    18.245.31.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-31-102.fra56.r.cloudfront.net
cdn.checkout.com
1    2a00:1450:400c:c1f::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
accounts.google.com
3    130.211.16.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.16.211.130.bc.googleusercontent.com
cdn.coview.com
app.coview.com
1    2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    13.224.189.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-18.fra2.r.cloudfront.net
widget.intercom.io
5    18.245.86.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-68.fra60.r.cloudfront.net
api.production.eu-west-1.perkbox.services
2    18.245.46.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-19.fra56.r.cloudfront.net
js.intercomcdn.com
1    2606:4700::6811:ca01 (United States)

ASN13335 (CLOUDFLARENET, US)
res.cloudinary.com
2    34.232.10.23 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-10-23.compute-1.amazonaws.com
api-iam.intercom.io
1    35.186.241.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.241.186.35.bc.googleusercontent.com
api-js.mixpanel.com
Apex Domain
Subdomains		 Transfer
25 perkbox.com
ablink.notify.perkbox.com
starlingbank.perkbox.com
cdn.perkbox.com — Cisco Umbrella Rank: 571835
3 MB
5 perkbox.services
api.production.eu-west-1.perkbox.services — Cisco Umbrella Rank: 414958
4 KB
3 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 2784
api-iam.intercom.io — Cisco Umbrella Rank: 2756
9 KB
3 coview.com
cdn.coview.com — Cisco Umbrella Rank: 144845
app.coview.com — Cisco Umbrella Rank: 120174
12 KB
2 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 3918
283 KB
1 mixpanel.com
api-js.mixpanel.com — Cisco Umbrella Rank: 2243
379 B
1 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 3426
5 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 72
78 KB
1 google.com
accounts.google.com — Cisco Umbrella Rank: 44
84 KB
1 checkout.com
cdn.checkout.com — Cisco Umbrella Rank: 63355
31 KB
0 ibb.co Failed
i.ibb.co Failed
43 11
Domain Requested by
21 cdn.perkbox.com starlingbank.perkbox.com
cdn.perkbox.com
5 api.production.eu-west-1.perkbox.services cdn.perkbox.com
3 starlingbank.perkbox.com cdn.perkbox.com
2 api-iam.intercom.io js.intercomcdn.com
2 js.intercomcdn.com widget.intercom.io
2 app.coview.com cdn.coview.com
1 api-js.mixpanel.com cdn.perkbox.com
1 res.cloudinary.com
1 widget.intercom.io cdn.perkbox.com
1 www.googletagmanager.com cdn.perkbox.com
1 cdn.coview.com cdn.perkbox.com
1 accounts.google.com cdn.perkbox.com
1 cdn.checkout.com starlingbank.perkbox.com
1 ablink.notify.perkbox.com 1 redirects
0 i.ibb.co Failed starlingbank.perkbox.com
43 15

This site contains links to these domains. Also see Links.

Domain
help.perkbox.com
Subject Issuer Validity Valid
*.perkbox.com
Amazon RSA 2048 M02		 2024-02-14 -
2025-03-15		 a year crt.sh
cdn.perkbox.com
Amazon RSA 2048 M03		 2024-05-08 -
2025-06-06		 a year crt.sh
*.checkout.com
Amazon RSA 2048 M02		 2024-06-16 -
2025-07-15		 a year crt.sh
accounts.google.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
app.coview.com
WR3		 2024-07-08 -
2024-10-06		 3 months crt.sh
*.google-analytics.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.intercom.com
Amazon RSA 2048 M03		 2024-01-15 -
2025-02-11		 a year crt.sh
api.production.eu-west-1.perkbox.services
Amazon RSA 2048 M02		 2023-10-14 -
2024-11-09		 a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M02		 2023-12-01 -
2024-12-29		 a year crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2		 2024-04-23 -
2025-05-25		 a year crt.sh
*.mixpanel.com
GeoTrust TLS RSA CA G1		 2024-02-08 -
2025-03-10		 a year crt.sh

This page contains 3 frames:

Primary Page: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Frame ID: 094A51531EF140C5DEC00884E3A1839B
Requests: 36 HTTP requests in this frame

Frame: https://app.coview.com/api/client-info/launcher
Frame ID: D6072E393CDD4A5D69C7D86F7E7A7E07
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.ffa25381.js
Frame ID: 800022B09B9FC7D52F56447F38735482
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Perkbox

Page URL History Show full URLs

  1. https://ablink.notify.perkbox.com/ss/c/u001.Lvll106ju3SkAjx6b5tHbXJQdU7yXnI6zqLErhsg_0JKw8LoaqQenjabMx132XCWrq... HTTP 302
    https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • accounts\.google\.com/gsi/client
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

43
Requests

98 %
HTTPS

31 %
IPv6

11
Domains

15
Subdomains

13
IPs

5
Countries

3105 kB
Transfer

11233 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ablink.notify.perkbox.com/ss/c/u001.Lvll106ju3SkAjx6b5tHbXJQdU7yXnI6zqLErhsg_0JKw8LoaqQenjabMx132XCWrqnr9BryGIMVpIAkEU9WAgg1XM1vVh5czAUgDWxEIsH5IYMRlfD-oUN0oRzShbcRXmiQavCFEaqcMr9Bp2gpT7yOERYtIr1DcY1OhzGYgUk/47z/vieZvZplQU6Bs4MplAAsUQ/h6/h001.0bOvAvLAMayDhvlHT0YvLRccOGHzRyq1EyB3Jvi-xSQ HTTP 302
    https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://image.ibb.co/jDB7fm/logo_small.png HTTP 301
  • https://i.ibb.co/THm67QG/logo-small.png

43 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request onboard
starlingbank.perkbox.com/
Redirect Chain
  • https://ablink.notify.perkbox.com/ss/c/u001.Lvll106ju3SkAjx6b5tHbXJQdU7yXnI6zqLErhsg_0JKw8LoaqQenjabMx132XCWrqnr9BryGIMVpIAkEU9WAgg1XM1vVh5czAUgDWxEIsH5IYMRlfD-oUN0oRzShbcRXmiQavCFEaqcMr9Bp2gpT7yOE...
  • https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
2 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.229.243.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-243-242.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
0ca91ce82d8654871cbadfe58e590cf9c3683fc7c7a51ac4e1a4208789d988f5
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.checkout.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * blob: data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com;connect-src * *.intercom.io *.intercomcdn.eu *.intercomcdn.com *.intercomcdn.com *.intercomusercontent.com;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;child-src intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
1828
Content-Type
text/html; charset=utf-8
Date
Sun, 14 Jul 2024 11:51:31 GMT
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.checkout.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * blob: data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com;connect-src * *.intercom.io *.intercomcdn.eu *.intercomcdn.com *.intercomcdn.com *.intercomusercontent.com;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;child-src intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
etag
W/"724-nESq+TW+3lPiJXpDtQ1dbDzUnWw"
expires
0
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
surrogate-control
no-store
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0

Redirect headers

content-length
142
content-type
text/html; charset=utf-8
date
Sun, 14 Jul 2024 11:51:31 GMT
location
https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
server
nginx
via
1.1 e9101023ffbe04130b9d4cac0cf9eebc.cloudfront.net (CloudFront)
x-amz-cf-id
-baXv0JqFrGUKV0ENGvrx2Z5sbw5h5ok_AVlWEw3GVOIs_-Xspn5Ww==
x-amz-cf-pop
FRA56-P2
x-cache
Miss from cloudfront
x-robots-tag
noindex, nofollow
bootstrap.min.css
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/vendor/ 		119 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/vendor/bootstrap.min.css
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d189a49b9758133fe7e6e82a301d5274be027f4c43d9dc7cae964c7ace022e64
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:13 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250159
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:54 GMT
server
AmazonS3
etag
W/"321f6002ece6d60f39a1ecbb16edf5bf"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000,public
x-amz-cf-id
EsiVOCFM0ordigoEx-wqjTpqReBnIHxLKl8jEvKDDYPpAFNagrESTQ==
global.css
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/global.css
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cbe0fdb86f92359551dfd3817891f92c8113e1e5617b204433a59e6b0f8c0b41
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:13 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250160
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:50 GMT
server
AmazonS3
etag
W/"ebc365ef641888303e2833e744ab28a4"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000,public
x-amz-cf-id
WlraE4Xn-CbF4NupskxQRiYo7MyoGy9FkitozqGTLussNgRtUfnYow==
perkbox-icons.css
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/perkbox-icons.css
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4748e68c5c9f2b769a0872355d5603955d5875fc2741648c14673008140a848e
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:13 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250159
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:50 GMT
server
AmazonS3
etag
W/"3c2dd658432233972c16bdf257b325e8"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000,public
x-amz-cf-id
9nhFTPU6Wd5DOUNMYOYjZwaFM4ZblsK5KWC9gQHeK2uJOdAAmk5oXQ==
font-awesome.css
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/ 		36 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/font-awesome.css
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2e6992699efb87895cae41af6253b8cb9892c37330980200fc0b146c38180a91
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:13 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250159
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:50 GMT
server
AmazonS3
etag
W/"22d64b3ecdb061be04e177f7930ce4f0"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000,public
x-amz-cf-id
wsnrJ-njVRjOMXkkby9cNgIOwt_eTonPLFYSSF6ft_aOvNtsuTwltA==
framesv2.min.js
cdn.checkout.com/js/ 		84 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.checkout.com/js/framesv2.min.js
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-31-102.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
1237249e975f5713faed7c076a51093526b2e13763eba02a2850edf160c67c3b

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 14 Jul 2024 03:45:27 GMT
content-encoding
gzip
via
1.1 64c8688da1fd73389eb91af90ae83792.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-P8
age
45612
etag
W/"14ee8-J/87nN3b7VXEh8nzwd2JeMfbJYk"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache
x-amz-cf-id
zvlWYXS2XVwD6HLPNgSUxHweJzLfUMnIg0OKYJcPWo1N0qvRYK2JVw==
color-thief.min.js
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/vendor/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/vendor/color-thief.min.js
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a710ca056816b88c87eaad04d958126a7514f5878d09ad40b62fc41f373cf37e
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:13 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250159
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:54 GMT
server
AmazonS3
etag
W/"cac6b812a1349b4b8bde12d5219ac1e6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
ohFD9EBAuiSSY6f-bhoUEGxYHGh9x3rb0ixVjY0dEY7kAQkQsjFc_A==
main.f534791c.js
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/ 		2 MB
606 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
20849d2b50b3edf7044f40ca416ab01fef78ffef7e1d116ad60cd7f29f9a1d2f
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:13 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250159
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:52 GMT
server
AmazonS3
etag
W/"035cab1c476598ddbcee92658e6fa12c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
WTuzL1r6ITDOrsVEJU5jDeZIXONwDk7rXoNBw0v-d3aWWxCULZMh6w==
client
accounts.google.com/gsi/ 		221 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/client
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1f::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f7e929dea137e6fdf0b56cd040dda163d3f96e0e2f983bde675bcacb7c7b2684
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-OIdAehgA66tTUIQlPZniUA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 14 Jul 2024 11:51:32 GMT
content-security-policy
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-OIdAehgA66tTUIQlPZniUA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires
Sun, 14 Jul 2024 11:51:32 GMT
coview.js
cdn.coview.com/ 		26 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.coview.com/coview.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.16.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.16.211.130.bc.googleusercontent.com
Software
/
Resource Hash
a22afd0fcabd4edfe3cacba60bea89eb10b2b904f670ff1309eae071c6130e92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 14 Jul 2024 11:51:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 22 Dec 2022 06:26:32 GMT
via
1.1 google
etag
W/"26888-1671690392000"
x-frame-options
DENY
vary
accept-encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
Public, max-age=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Sun, 14 Jul 2024 12:51:33 GMT
gtm.js
www.googletagmanager.com/ 		216 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W53DNG4
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0e08b76e6210cad1d5b9671d69bb4117ed723df5357b41778694114c940a9fa8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 14 Jul 2024 11:51:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79960
x-xss-protection
0
last-modified
Sun, 14 Jul 2024 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 14 Jul 2024 11:51:33 GMT
vendors~devTools~global~internal~tenant.880c469f.chunk.js
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/ 		1 MB
262 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/vendors~devTools~global~internal~tenant.880c469f.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6eadd2e60c55d064e6b6391cf4e2c6131b6529f1857836db5f5ccc3a38704092
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:14 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250159
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:52 GMT
server
AmazonS3
etag
W/"95b33e57e2b347add59b68d44763b6b9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
r8QLHLFymTKPfH5C0IFGzPwcTO5RIPHSJhFSmmcwuubo_gf4v5SJAA==
1.1ec9f0ac.chunk.js
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/ 		133 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/1.1ec9f0ac.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9fe2ec18456117227f344489f6d36f3dafe55728c898e6dd254aca45ad9000af
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:14 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250159
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:51 GMT
server
AmazonS3
etag
W/"b509ee427f5b67290a6b89c57a946bb1"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
8DyKk4hLT-OKiuQL_Jci95WDnHCol08c78rvdH_nV3tqSukF2Hoo0g==
2.617fb05b.chunk.js
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/ 		27 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/2.617fb05b.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
96cfc9bbe858745e61568a63d7f63da7ba110e8a0fceff7ba3a16560fa5cf8ad
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:14 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250159
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:52 GMT
server
AmazonS3
etag
W/"b53df9dfa5ccbb059cec630bf0d4e536"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
r7QC4QnOXjxEzho9hzNp9El2jFtTAaUrR4fueUqmPJhHm9XtUiAKTA==
vendors~global~internal~tenant.7f1237fe.chunk.js
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/ 		70 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/vendors~global~internal~tenant.7f1237fe.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
087819026e90a3dd167a484e819536b983dc4712f084980d3c446688e89b025f
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:14 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250159
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:52 GMT
server
AmazonS3
etag
W/"06a634c8fb90149329be4b7d946034b8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
pB44QrUMQPX4x3r6aWONFh2lcD7WXZQtCnrrPYst-Dsn1pY5cD6cdw==
tenant.82138ab8.chunk.js
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/ 		6 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/tenant.82138ab8.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e7aaaeae94ba853552cc6376fc635210def3eb3240de93d6f6c73e22ca5016b8
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:23:04 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
250109
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:52 GMT
server
AmazonS3
etag
W/"91dd14e4e2a470bd12db13d1a57be8a7"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
4ik7G3XxAAH9jnCdDdNm-BEV7Iu7paWkZye_CPgzxT7fnkozVOph-g==
logo-small.png
i.ibb.co/THm67QG/
Redirect Chain
  • https://image.ibb.co/jDB7fm/logo_small.png
  • https://i.ibb.co/THm67QG/logo-small.png
0
0
WorkSans-Regular.woff2
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/WorkSans/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/WorkSans/WorkSans-Regular.woff2
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c46b18a1ccba221be436881e1649ef1bfd1e656184fcd535e84bc77c77e8e5d
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/global.css
Origin
https://starlingbank.perkbox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 16:07:46 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
243828
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
17912
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:50 GMT
server
AmazonS3
etag
"4116d9a86a2889032aaca45779a997ca"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=2592000,public
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
P_9Duo37qDQcv-ak74nQ--eKkudehjmhUA6-ZdyQPhGDz2S1_N_eiQ==
launcher
app.coview.com/api/client-info/ Frame D607 		490 B
474 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.coview.com/api/client-info/launcher
Requested by
Host: cdn.coview.com
URL: https://cdn.coview.com/coview.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.16.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.16.211.130.bc.googleusercontent.com
Software
/
Resource Hash
c937c4e8d97c6c6f81863e391c797a5c51ec160702a1fcd75983c3eb595295d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/json;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 14 Jul 2024 11:51:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 google
x-frame-options
DENY
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://starlingbank.perkbox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
launcher
app.coview.com/api/client-info/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.coview.com/api/client-info/launcher
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.16.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.16.211.130.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://starlingbank.perkbox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,POST,PUT,OPTIONS,HEAD,DELETE
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
content-length
0
content-type
application/json
date
Sun, 14 Jul 2024 11:51:33 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
account.json
cdn.perkbox.com/locale/web/en-gb/ 		12 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/account.json?37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
798ba5c46d40676982a0059d12bbac0dd6b7b55f9cef4f302331cfb53e93dbca
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
x-content-type-options
nosniff
date
Sun, 14 Jul 2024 11:51:36 GMT
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 12 Jul 2024 15:40:33 GMT
server
AmazonS3
etag
W/"80b29d3d9c5d00640dc254d814b3c585"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
KUZymAtl2YkYab6x36nAUycUW5sJAHe23fAGNPRly5y1DtsV5nVOkw==
platform.json
cdn.perkbox.com/locale/web/en-gb/ 		98 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/platform.json?37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f49de231ec0ba92400043e8d5a84d5b3dd736ff4df685c1383f00e596fff2311
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 14 Jul 2024 11:51:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 12 Jul 2024 15:40:33 GMT
server
AmazonS3
etag
W/"67502c75e6e80df7d0c5d1a932b6a5d7"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
jPNUPV-145uOUvWRObYAaiNLgNYzX37nhxAZ-mvCRvYdGElXvMJ9hQ==
errors.json
cdn.perkbox.com/locale/web/en-gb/ 		73 KB
15 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/errors.json?37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
878b7c2731d722e5d9399ec1e73e2d74c4c6418550bfa7b773352328c0f366cf
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
x-content-type-options
nosniff
date
Sun, 14 Jul 2024 11:51:36 GMT
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 12 Jul 2024 15:40:33 GMT
server
AmazonS3
etag
W/"5de8705f3e13b05934ee16f3a20c9f4d"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
rkQlL9oE5GHO9LWkMKTN1WqatouK81Cp3Z3PggFA7glHYshXWYS6WA==
effyqzrr
widget.intercom.io/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/effyqzrr
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-18.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d321d12ca906688c7bef57537cfeedcd59241789f2a674176f80afb5235933ce

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
lPX32UmmcNTQ4ZiZqzuDPhN0syPCsc8c
content-encoding
gzip
via
1.1 cdcb559c2f25d8ad2ccf0419bee33b02.cloudfront.net (CloudFront)
date
Sun, 14 Jul 2024 11:48:28 GMT
x-amz-cf-pop
FRA2-C1
age
235
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2670
last-modified
Fri, 12 Jul 2024 15:15:17 GMT
server
AmazonS3
etag
"9bf00b50d4e48361e0e2a44fe7418e71"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
8VDOUl8vEm4UBFzBL_uLCPWpUyHHjamv32sPrrsxJoVbOzoQeuX_VQ==
favicon.ico
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/ 		31 KB
32 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
881baca7ef2db6c824c6b4b68adc2a135207e4a72d05881585bd5807531b1924
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:22:15 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
250161
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
32038
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:50 GMT
server
AmazonS3
etag
"484ca5bc6a6060dc5fadf73257ed0a28"
content-type
image/vnd.microsoft.icon
cache-control
max-age=2592000,public
accept-ranges
bytes
x-amz-cf-id
-oHOJB1q9K4mSWKwvi0a2eBIsHlAw6YIIgsagl0o3X_5CzlqVR1_VQ==
WorkSans-Medium.woff2
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/WorkSans/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/WorkSans/WorkSans-Medium.woff2
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05767a03c3f73ebd335b167630feb53617581c5489f9e7c46a7ed4ff374f2e6f
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/global.css
Origin
https://starlingbank.perkbox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 16:07:47 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
243829
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
18820
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:50 GMT
server
AmazonS3
etag
"30853c52ed840fcce98b892b6af2f790"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=2592000,public
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
-DG6cQx1ZxJXKwy6VDINTmXxfeffECM5KuUsdbNHieN0Lolkk-xqBQ==
WorkSans-Bold.woff2
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/WorkSans/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/WorkSans/WorkSans-Bold.woff2
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ec04cae0d225b48861b4763dcfe8a3be504dfcf78e2336eefc8fc0bd99760ef8
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/global.css
Origin
https://starlingbank.perkbox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 16:07:47 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
243829
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
18784
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:50 GMT
server
AmazonS3
etag
"3367f941f126098953b86681002b2d5c"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=2592000,public
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
EaijnfIZNQRrWclgHTRpCk7PMegdPzuXv5Ge7H4WQ0i30JHgaX-MKA==
v1
api.production.eu-west-1.perkbox.services/graphql/ 		126 B
803 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-68.fra60.r.cloudfront.net
Software
/ Express
Resource Hash
6ae913c52cb68ebb3b088c29ecd2a05afea5f43e9d547ffc695ed5fae15aa9e4

Request headers

Accept
application/json, text/plain, */*
apollographql-client-name
web
Referer
https://starlingbank.perkbox.com/
apollographql-client-version
1.0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 14 Jul 2024 11:51:36 GMT
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
126
x-amz-cf-pop
FRA60-P6
x-amzn-requestid
6cf15c27-7204-4028-908e-d0702f645a4c
x-amzn-remapped-connection
keep-alive
x-powered-by
Express
x-cache
Miss from cloudfront
x-amz-apigw-id
a5pHUEXsDoEEQ8g=
content-length
126
pragma
no-cache
x-correlation-uuid
bdd302f7c2605505d19d935c104c7407
etag
W/"7e-qTesIZimdUdb3YW8aWtD2OY5Qxo"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
cache-control
max-age=0,no-cache,no-store,must-revalidate
access-control-allow-credentials
true
x-amzn-remapped-date
Sun, 14 Jul 2024 11:51:36 GMT
x-amz-cf-id
PW4xbCk_y6fJZ2Fvc2PKNv8LngXvV3v5WJ5WnnAN_RPyorVka38ctA==
expires
-1
v1
api.production.eu-west-1.perkbox.services/graphql/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-68.fra60.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
apollographql-client-name,apollographql-client-version,content-type
Access-Control-Request-Method
POST
Origin
https://starlingbank.perkbox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Correlation-UUID,X-Platform-UUID,X-User-UUID,X-Tenant-UUID,Content-Type,Authorization,If-Match,apollographql-client-version,apollographql-client-name,x-pb-channel,x-pb-show-premium-wellness,x-pb-features
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
access-control-max-age
1728000
cache-control
max-age=300,public
date
Sun, 14 Jul 2024 11:51:36 GMT
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-apigw-id
a5pHTEPXjoEEmOg=
x-amz-cf-id
lwK0VQ1UUkWBiPCnV53l7k39kHaAWt4JtF5aexQtpc4FpVV0nDz1PA==
x-amz-cf-pop
FRA60-P6
x-amzn-requestid
50e9d548-0d0d-4b41-964c-27762b2a3860
x-cache
Miss from cloudfront
get-credentials
starlingbank.perkbox.com/api/v1/ 		2 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/api/v1/get-credentials
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.229.243.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-243-242.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.checkout.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * blob: data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com;connect-src * *.intercom.io *.intercomcdn.eu *.intercomcdn.com *.intercomcdn.com *.intercomusercontent.com;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;child-src intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
csrf-token
Fcb3BVWA-paj-tkVjPgCYqugJnXCRAJYnkCY
Referer
https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

Date
Sun, 14 Jul 2024 11:51:36 GMT
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.checkout.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * blob: data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com;connect-src * *.intercom.io *.intercomcdn.eu *.intercomcdn.com *.intercomcdn.com *.intercomusercontent.com;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;child-src intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
Connection
keep-alive
Content-Length
2
x-xss-protection
0
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
v1
api.production.eu-west-1.perkbox.services/graphql/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-68.fra60.r.cloudfront.net
Software
/ Express
Resource Hash
95079e887274af4f16b802e8182ae561e26190c114f5eb6483b4c874d74be77e

Request headers

apollographql-client-name
web
x-pb-features
Merchandise,GroupCelebration
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Accept
*/*
Referer
https://starlingbank.perkbox.com/
apollographql-client-version
1.0
x-pb-channel
web
x-pb-show-premium-wellness
true

Response headers

date
Sun, 14 Jul 2024 11:51:36 GMT
content-encoding
gzip
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
3483
x-amz-cf-pop
FRA60-P6
x-amzn-requestid
73652982-026a-4020-a3a8-351b55506053
x-amzn-remapped-connection
keep-alive
x-powered-by
Express
x-cache
Miss from cloudfront
x-amz-apigw-id
a5pHVFmiDoEEH2g=
content-length
887
pragma
no-cache
x-correlation-uuid
6e64a39a2e815253f897e570b61e0cc0
etag
W/"d9b-IRDvzR6ZqzT3KPjrx9ehP0R6T8o"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
cache-control
max-age=0,no-cache,no-store,must-revalidate
access-control-allow-credentials
true
x-amzn-remapped-date
Sun, 14 Jul 2024 11:51:36 GMT
x-amz-cf-id
ZHy0UT3dVjmWTdQ_69MvSZwJxjQ31b3WoWP0cWduk5ezBPDsYsJftA==
expires
-1
frame-modern.ffa25381.js
js.intercomcdn.com/ Frame 8000 		459 KB
139 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.ffa25381.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/effyqzrr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-19.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6be4cade8066f237d5b5795e799c95eeaa58b2f30078e0c6a0c083b10d5b4ac2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
X.o3k4bTog6ArasV5LVA0UgBLrXx23mh
content-encoding
gzip
via
1.1 77e414816706879c16a3707f261f0b5a.cloudfront.net (CloudFront)
date
Sun, 14 Jul 2024 11:15:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
2176
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
141111
last-modified
Fri, 12 Jul 2024 15:12:10 GMT
server
AmazonS3
etag
"cd31ec047771bea077df934b0d56b2b2"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
BW2Ar_fkxxjXQNuM-FYuv5tGbuDcUTrFs6nRxoTVyhO7iI9Bw2NJmg==
vendor-modern.bc52aebd.js
js.intercomcdn.com/ Frame 8000 		455 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.bc52aebd.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/effyqzrr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-19.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
eea9f67534400ce075ffffb3d0f45c43300e6c6e244d5b566dca5fedb480e087
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Mw1h9i8Md7P3qjd15fFHiY3cqmFJcVuL
content-encoding
gzip
via
1.1 77e414816706879c16a3707f261f0b5a.cloudfront.net (CloudFront)
date
Sun, 14 Jul 2024 11:17:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
2027
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
147287
last-modified
Thu, 04 Jul 2024 09:15:11 GMT
server
AmazonS3
etag
"045ab66ea0acdc79774f2aae33a45b67"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
f_Ae6TVLTig9tje1EjwW7Ijf89GNK_y-bEoIBb2P6Jnr_v1BSBMYJw==
onboarding.json
cdn.perkbox.com/locale/web/en-gb/ 		7 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/onboarding.json?37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8be36a2bdae89e7593118ff285cd112c9d0056acf2bbde0ad8f5098716637a6b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 14 Jul 2024 11:51:37 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 12 Jul 2024 15:40:33 GMT
server
AmazonS3
etag
W/"89af88b6ffb5c83803d6d1dc6ee75c37"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
t8Eo_0dieKXYmtg6tQKks9uM2uFuWo15g6lCAjH7beDDy6IZz-tkQw==
a2c2fa5e-7083-49b3-8d81-0f51cc9c56d8.png
res.cloudinary.com/perkbox/image/upload/v1602065830/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/perkbox/image/upload/v1602065830/a2c2fa5e-7083-49b3-8d81-0f51cc9c56d8.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:ca01 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4dfd972169ceb7f976aced1d3bf394b327ffc46b6153eeea58c0b0efddfea828
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 14 Jul 2024 11:51:36 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
cld-cloudflare;dur=20;start=2024-07-14T11:51:36.885Z;desc=hit,rtt;dur=42
content-length
4538
last-modified
Wed, 07 Oct 2020 10:17:12 GMT
server
cloudflare
etag
"3f8dce2fd492fb47d1c5ab66faf6ee90"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
8a314d477b34071a-LHR
timing-allow-origin
*
perks2.7a001d33.png
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/media/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/media/perks2.7a001d33.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fdb9f18b0b2615f2de02b38e26e45901d1d0f7739e8f5524a9683f6e0315c9fd
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 14:23:06 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
250111
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
18181
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:53 GMT
server
AmazonS3
etag
"7a001d3324f8a2e639f71fc357e77e10"
content-type
image/png
cache-control
max-age=2592000,public
accept-ranges
bytes
x-amz-cf-id
IWcU5nccpafDyIFe4PRLbWfCEkpERfIaA-M0vuewBRyaJfFxrRcY8w==
set-credentials
starlingbank.perkbox.com/api/v1/ 		2 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/api/v1/set-credentials
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.229.243.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-243-242.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.checkout.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * blob: data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com;connect-src * *.intercom.io *.intercomcdn.eu *.intercomcdn.com *.intercomcdn.com *.intercomusercontent.com;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;child-src intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
csrf-token
Fcb3BVWA-paj-tkVjPgCYqugJnXCRAJYnkCY
Referer
https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

Date
Sun, 14 Jul 2024 11:51:36 GMT
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.checkout.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * blob: data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com;connect-src * *.intercom.io *.intercomcdn.eu *.intercomcdn.com *.intercomcdn.com *.intercomusercontent.com;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;child-src intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
Connection
keep-alive
Content-Length
2
x-xss-protection
0
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
v1
api.production.eu-west-1.perkbox.services/graphql/ 		253 B
931 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-68.fra60.r.cloudfront.net
Software
/ Express
Resource Hash
401bdead703264248fc846570c33b9eeb7b5d8891614b5fa740c3ef1e3992a67

Request headers

apollographql-client-name
web
x-pb-features
Merchandise,GroupCelebration
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Accept
*/*
Referer
https://starlingbank.perkbox.com/
apollographql-client-version
1.0
x-pb-channel
web
x-pb-show-premium-wellness
true

Response headers

date
Sun, 14 Jul 2024 11:51:36 GMT
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
253
x-amz-cf-pop
FRA60-P6
x-amzn-requestid
d91c55c3-e174-4c3e-a019-6838321f1f8b
x-amzn-remapped-connection
keep-alive
x-powered-by
Express
x-cache
Miss from cloudfront
x-amz-apigw-id
a5pHbEcaDoEENfA=
content-length
253
pragma
no-cache
x-correlation-uuid
7289ba5021638aa44e0df6896a2f740a
etag
W/"fd-RUhPyIg6tn0fYOnWOp1D26HNyeA"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
cache-control
max-age=0,no-cache,no-store,must-revalidate
access-control-allow-credentials
true
x-amzn-remapped-date
Sun, 14 Jul 2024 11:51:36 GMT
x-amz-cf-id
jpcfibC8K9TSAAR1KjhT_cS-8MojareW0z-LzTRQeFWWCG3nxHxoRQ==
expires
-1
ping
api-iam.intercom.io/messenger/web/ Frame 8000 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.ffa25381.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.232.10.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-232-10-23.compute-1.amazonaws.com
Software
nginx /
Resource Hash
723e74ac23c1dedb2a3d1f267618e0d5aa6cddebb368efdf73aa1c28423bf853
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 14 Jul 2024 11:51:37 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-011440775d96793f5
status
200 OK
x-xss-protection
1; mode=block
x-request-id
002nqd2osec40c1m9fs0
x-runtime
0.336950
server
nginx
etag
W/"723e74ac23c1dedb2a3d1f267618e0d5"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://starlingbank.perkbox.com
x-intercom-version
27f6fafb5d1e634f18d0cbefd3ea0102a95bc84d
access-control-expose-headers
x-request-id
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
v1
api.production.eu-west-1.perkbox.services/graphql/ 		216 B
894 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-68.fra60.r.cloudfront.net
Software
/ Express
Resource Hash
1e3c157240b42cbf18e678dc715ba175516c3baa3c647ba5b69b9c1d78a6ab6d

Request headers

apollographql-client-name
web
x-pb-features
Merchandise,GroupCelebration
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Accept
*/*
Referer
https://starlingbank.perkbox.com/
apollographql-client-version
1.0
x-pb-channel
web
x-pb-show-premium-wellness
true

Response headers

date
Sun, 14 Jul 2024 11:51:37 GMT
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
216
x-amz-cf-pop
FRA60-P6
x-amzn-requestid
c2ae2f88-29db-4c5f-87b1-6bb6b8726129
x-amzn-remapped-connection
keep-alive
x-powered-by
Express
x-cache
Miss from cloudfront
x-amz-apigw-id
a5pHdEjIjoEEmMA=
content-length
216
pragma
no-cache
x-correlation-uuid
b5878a1e4257607cce1152738b69ca0e
etag
W/"d8-zj4XZBmD7FjyHSnAaT67Can0/0k"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
cache-control
max-age=0,no-cache,no-store,must-revalidate
access-control-allow-credentials
true
x-amzn-remapped-date
Sun, 14 Jul 2024 11:51:37 GMT
x-amz-cf-id
isa3HCqXEa0N2BhUH3ehLQLOtW0VBmQ01mgyyqv7Rv-4vFoGkjSztA==
expires
-1
WorkSans-SemiBold.woff2
cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/WorkSans/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/fonts/WorkSans/WorkSans-SemiBold.woff2
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-16.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b5595a0f4045f98ff785b89e3f12ad747b441a0622a41710cdf42163f35d325e
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/global.css
Origin
https://starlingbank.perkbox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 12 Jul 2024 10:48:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
176618
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
18848
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 11 Jul 2024 14:15:50 GMT
server
AmazonS3
etag
"9942d3192d5c8728bf813d0884347bb4"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=2592000,public
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
IJR4YbtMHhKh99y19fTt67Tsq9PGd2f4FIy52iu_Idqrub19BdhXyQ==
ping
api-iam.intercom.io/messenger/web/ Frame 8000 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.ffa25381.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.232.10.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-232-10-23.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f7ee2096ce180c201d0a79b22d93883c8b0e568e7d35a413809db6f884c4a512
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 14 Jul 2024 11:51:38 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-011440775d96793f5
status
200 OK
x-xss-protection
1; mode=block
x-request-id
002pf3flv181eu3e6q40
x-runtime
0.329552
server
nginx
etag
W/"f7ee2096ce180c201d0a79b22d93883c"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://starlingbank.perkbox.com
x-intercom-version
27f6fafb5d1e634f18d0cbefd3ea0102a95bc84d
access-control-expose-headers
x-request-id
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
/
api-js.mixpanel.com/track/ 		25 B
379 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-js.mixpanel.com/track/?verbose=1&ip=1&_=1720957897897
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/37a0bd6a2446fbe4a0265fab27f7a229a5f5bd86/static/js/main.f534791c.js?db2f476341d78e5903a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.241.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.241.186.35.bc.googleusercontent.com
Software
envoy /
Resource Hash
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=604800; includeSubDomains
date
Sun, 14 Jul 2024 11:51:38 GMT
via
1.1 google
server
envoy
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
24
access-control-allow-headers
X-Requested-With, Content-Type
content-length
25
alt-svc
clear

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
i.ibb.co
URL
https://i.ibb.co/THm67QG/logo-small.png

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| Frames function| CanvasImage function| ColorThief object| pv object| MMCQ object| webpackJsonp object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| _ function| Intercom function| hireMe function| coview object| dataLayer object| default_gsi object| _F_toggles object| google object| closure_lm_44085 function| postscribe object| google_tag_manager_external object| google_tag_manager object| google_tag_data object| __localeData__ boolean| VimeoPlayerResizeEmbeds_ function| __intercomAssignLocation function| __intercomReloadLocation

5 Cookies

Domain/Path Name / Value
starlingbank.perkbox.com/ Name: _csrf
Value: DoVuROvy_9pSDHsy6VNvU8bA
starlingbank.perkbox.com/ Name: sid
Value: s%3AUX-4WeVzG3tItmk_25YMJ_yupkIBC2SB.aKB19qsOMwnZGUX%2B%2Bl3L85d0M6wAOB4mgwjulmTyseo
.perkbox.com/ Name: mp_db23a499d137c41fe1659f21e2b6cadf_mixpanel
Value: %7B%22distinct_id%22%3A%20%22190b11579291a6-0bfe301159efb3-11462c6f-1d4c00-190b115792ac42%22%2C%22%24device_id%22%3A%20%22190b11579291a6-0bfe301159efb3-11462c6f-1d4c00-190b115792ac42%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
.perkbox.com/ Name: intercom-device-id-effyqzrr
Value: 813b4e31-0a65-4ddd-9c0f-6edcc9ef085a
.perkbox.com/ Name: intercom-id-effyqzrr
Value: f37af9e1-0996-4b19-9d26-d1c5bf3c267c

3 Console Messages

Source Level URL
Text
network error URL: https://i.ibb.co/THm67QG/logo-small.png
Message:
Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
recommendation verbose URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation verbose URL: https://starlingbank.perkbox.com/onboard?lid=lhtvkqtt2k32&uuid=9e1eb580-9d55-4496-992b-41a34785c242&code=757119
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.checkout.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * blob: data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com;connect-src * *.intercom.io *.intercomcdn.eu *.intercomcdn.com *.intercomcdn.com *.intercomusercontent.com;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;child-src intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ablink.notify.perkbox.com
accounts.google.com
api-iam.intercom.io
api-js.mixpanel.com
api.production.eu-west-1.perkbox.services
app.coview.com
cdn.checkout.com
cdn.coview.com
cdn.perkbox.com
i.ibb.co
js.intercomcdn.com
res.cloudinary.com
starlingbank.perkbox.com
widget.intercom.io
www.googletagmanager.com
i.ibb.co
13.224.189.16
13.224.189.18
130.211.16.248
18.245.31.102
18.245.46.19
18.245.86.68
2600:9000:223c:1c00:4:5ba1:640:93a1
2606:4700::6811:ca01
2a00:1450:4001:81d::2008
2a00:1450:400c:c1f::54
34.232.10.23
35.186.241.51
54.229.243.242
05767a03c3f73ebd335b167630feb53617581c5489f9e7c46a7ed4ff374f2e6f
087819026e90a3dd167a484e819536b983dc4712f084980d3c446688e89b025f
0ca91ce82d8654871cbadfe58e590cf9c3683fc7c7a51ac4e1a4208789d988f5
0e08b76e6210cad1d5b9671d69bb4117ed723df5357b41778694114c940a9fa8
1237249e975f5713faed7c076a51093526b2e13763eba02a2850edf160c67c3b
1e3c157240b42cbf18e678dc715ba175516c3baa3c647ba5b69b9c1d78a6ab6d
20849d2b50b3edf7044f40ca416ab01fef78ffef7e1d116ad60cd7f29f9a1d2f
2e6992699efb87895cae41af6253b8cb9892c37330980200fc0b146c38180a91
3c46b18a1ccba221be436881e1649ef1bfd1e656184fcd535e84bc77c77e8e5d
401bdead703264248fc846570c33b9eeb7b5d8891614b5fa740c3ef1e3992a67
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4748e68c5c9f2b769a0872355d5603955d5875fc2741648c14673008140a848e
4dfd972169ceb7f976aced1d3bf394b327ffc46b6153eeea58c0b0efddfea828
6ae913c52cb68ebb3b088c29ecd2a05afea5f43e9d547ffc695ed5fae15aa9e4
6be4cade8066f237d5b5795e799c95eeaa58b2f30078e0c6a0c083b10d5b4ac2
6eadd2e60c55d064e6b6391cf4e2c6131b6529f1857836db5f5ccc3a38704092
723e74ac23c1dedb2a3d1f267618e0d5aa6cddebb368efdf73aa1c28423bf853
798ba5c46d40676982a0059d12bbac0dd6b7b55f9cef4f302331cfb53e93dbca
878b7c2731d722e5d9399ec1e73e2d74c4c6418550bfa7b773352328c0f366cf
881baca7ef2db6c824c6b4b68adc2a135207e4a72d05881585bd5807531b1924
8be36a2bdae89e7593118ff285cd112c9d0056acf2bbde0ad8f5098716637a6b
95079e887274af4f16b802e8182ae561e26190c114f5eb6483b4c874d74be77e
96cfc9bbe858745e61568a63d7f63da7ba110e8a0fceff7ba3a16560fa5cf8ad
9fe2ec18456117227f344489f6d36f3dafe55728c898e6dd254aca45ad9000af
a22afd0fcabd4edfe3cacba60bea89eb10b2b904f670ff1309eae071c6130e92
a710ca056816b88c87eaad04d958126a7514f5878d09ad40b62fc41f373cf37e
b5595a0f4045f98ff785b89e3f12ad747b441a0622a41710cdf42163f35d325e
c937c4e8d97c6c6f81863e391c797a5c51ec160702a1fcd75983c3eb595295d4
cbe0fdb86f92359551dfd3817891f92c8113e1e5617b204433a59e6b0f8c0b41
d189a49b9758133fe7e6e82a301d5274be027f4c43d9dc7cae964c7ace022e64
d321d12ca906688c7bef57537cfeedcd59241789f2a674176f80afb5235933ce
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
e7aaaeae94ba853552cc6376fc635210def3eb3240de93d6f6c73e22ca5016b8
ec04cae0d225b48861b4763dcfe8a3be504dfcf78e2336eefc8fc0bd99760ef8
eea9f67534400ce075ffffb3d0f45c43300e6c6e244d5b566dca5fedb480e087
f49de231ec0ba92400043e8d5a84d5b3dd736ff4df685c1383f00e596fff2311
f7e929dea137e6fdf0b56cd040dda163d3f96e0e2f983bde675bcacb7c7b2684
f7ee2096ce180c201d0a79b22d93883c8b0e568e7d35a413809db6f884c4a512
fdb9f18b0b2615f2de02b38e26e45901d1d0f7739e8f5524a9683f6e0315c9fd