urlscan.io logo urlscan.io
SecurityTrails logo

payments.worthandco.com Open in urlscan Pro
20.49.97.30  Public Scan

Go To Rescan Add Verdict Report
URL: https://payments.worthandco.com/
Submission: On March 08 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 1 countries across 7 domains to perform 49 HTTP transactions. The main IP is 20.49.97.30, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is payments.worthandco.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on March 7th 2024. Valid for: a year.
This is the only time payments.worthandco.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
41 20.49.97.30 8075 (MICROSOFT...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 20.60.132.4 8075 (MICROSOFT...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2620:1ec:bdf::40 8075 (MICROSOFT...)
1 2607:f8b0:400... 15169 (GOOGLE)
2 20.49.99.75 8075 (MICROSOFT...)
49 8
41    20.49.97.30 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
payments.worthandco.com
1    2607:f8b0:4006:816::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700:3031::6815:435e (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.storisdesign.com
1    20.60.132.4 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
estorisspencerlive.blob.core.windows.net
1    2607:f8b0:4006:823::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2620:1ec:bdf::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
js.monitor.azure.com
1    2607:f8b0:4006:824::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    20.49.99.75 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
eastus2-0.in.applicationinsights.azure.com
Apex Domain
Subdomains		 Transfer
41 worthandco.com
payments.worthandco.com
1005 KB
3 azure.com
js.monitor.azure.com — Cisco Umbrella Rank: 682
eastus2-0.in.applicationinsights.azure.com — Cisco Umbrella Rank: 30029
57 KB
1 gstatic.com
fonts.gstatic.com
48 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
1 windows.net
estorisspencerlive.blob.core.windows.net
59 KB
1 storisdesign.com
cdn.storisdesign.com
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
2 KB
49 7
Domain Requested by
41 payments.worthandco.com payments.worthandco.com
js.monitor.azure.com
2 eastus2-0.in.applicationinsights.azure.com js.monitor.azure.com
1 fonts.gstatic.com fonts.googleapis.com
1 js.monitor.azure.com payments.worthandco.com
1 www.googletagmanager.com payments.worthandco.com
1 estorisspencerlive.blob.core.windows.net payments.worthandco.com
1 cdn.storisdesign.com payments.worthandco.com
1 fonts.googleapis.com payments.worthandco.com
49 8

This site contains links to these domains. Also see Links.

Domain
worthandco.com
www.nopcommerce.com
www.nop-templates.com
Subject Issuer Validity Valid
payments.worthandco.com
Go Daddy Secure Certificate Authority - G2		 2024-03-07 -
2025-03-07		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
storisdesign.com
GTS CA 1P5		 2024-01-31 -
2024-04-30		 3 months crt.sh
*.blob.core.windows.net
Microsoft RSA TLS CA 01		 2023-09-26 -
2024-09-26		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
js.monitor.azure.com
Microsoft Azure RSA TLS Issuing CA 03		 2023-12-19 -
2024-12-13		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
prod.ai.ingestion.msftcloudes.com
Microsoft Azure RSA TLS Issuing CA 07		 2024-02-02 -
2025-01-27		 a year crt.sh

This page contains 1 frames:

Primary Page: https://payments.worthandco.com/
Frame ID: 48849AF2F50A8AA361C70F0FD31E0C49
Requests: 48 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Dufresne Spencer Group | Dufresne Spencer Group

Detected technologies

Overall confidence: 100%
Detected patterns
  • <a[^>]*href=[^>]*/Cart
Overall confidence: 100%
Detected patterns
  • dataTables.*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

49
Requests

100 %
HTTPS

63 %
IPv6

7
Domains

8
Subdomains

8
IPs

1
Countries

1172 kB
Transfer

2835 kB
Size

7
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
payments.worthandco.com/ 		20 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ccfdf512dde079a8284cc2bff0a3fd5ae5f3d8b304f2a4bd5d7f0a7e061858a4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
content-language
en-US
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
content-type
text/html; charset=utf-8
date
Fri, 08 Mar 2024 22:11:47 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
pragma
no-cache
referrer-policy
same-origin
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-miniprofiler-ids
["852053aa-435a-4a24-b183-694b6ca37135"]
x-xss-protection
1; mode=block
jquery.min.js
payments.worthandco.com/lib_npm/jquery/ 		88 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib_npm/jquery/jquery.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bf13097a5fe9ea9435c54585d0d07a5a8023a27a39c7bf2aee50c82fce99d4fd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
gzip
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:32 GMT
server
Microsoft-IIS/10.0
etag
"8YduXRdfffFmX39NtsKKv19RQnA"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
jquery-ui.min.js
payments.worthandco.com/lib_npm/jquery-ui-dist/ 		249 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib_npm/jquery-ui-dist/jquery-ui.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
9d9b75e6bf99296f7797ed12f73137f52966dbb02180ff054c6c01680c7bdb1d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:32 GMT
server
Microsoft-IIS/10.0
etag
"1da560dba3e8071"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
jquery-migrate.min.js
payments.worthandco.com/lib_npm/jquery-migrate/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib_npm/jquery-migrate/jquery-migrate.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
eec47adc0217aa592a6eaed238d2479393f54642e5657b8f6e575e50f306c101
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:32 GMT
server
Microsoft-IIS/10.0
etag
"1da560dba3d509d"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
jquery.magnific-popup.min.js
payments.worthandco.com/lib_npm/magnific-popup/ 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib_npm/magnific-popup/jquery.magnific-popup.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b0a45cd5aed66e27bd8ee861d0e3b782c8e79849bde32f90f078b9f2451a36f2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:32 GMT
server
Microsoft-IIS/10.0
etag
"1da560dba3d2afb"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
kendo.core.min.js
payments.worthandco.com/lib/kendo/2020.1.406/js/ 		55 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib/kendo/2020.1.406/js/kendo.core.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1dbaf5514fd28b2c0a6287ed414932eb75fe45f3a26c0d7a3265a29c497e043f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90ceb15"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
kendo.ui.core.min.js
payments.worthandco.com/lib/kendo/2020.1.406/js/ 		836 KB
339 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib/kendo/2020.1.406/js/kendo.ui.core.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a650b7af58c97cadfec5d3ff55095b8ecb6980347adce46bae8f41620448b0f5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db901268f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
kendo.window.min.js
payments.worthandco.com/lib/kendo/2020.1.406/js/ 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib/kendo/2020.1.406/js/kendo.window.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
88982d9fb39a58b976bbf7fcc48c86cf6d29ea7a559484393a80bae214b2be4c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90c4022"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
jquery.validate.min.js
payments.worthandco.com/lib_npm/jquery-validation/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib_npm/jquery-validation/jquery.validate.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e9ed0df9626254a05e4e2b4ad46292c0f8b7adb74fa4bb6ea9a8a2b598de0f6c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:32 GMT
server
Microsoft-IIS/10.0
etag
"1da560dba3d041c"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
jquery.validate.unobtrusive.min.js
payments.worthandco.com/lib_npm/jquery-validation-unobtrusive/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib_npm/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1fc39d86f356a710875ddf4eb30f11ef23ac5a3f4240a183325ba361506c60cc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:32 GMT
server
Microsoft-IIS/10.0
etag
"1da560dba3d72ef"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
jquery.dataTables.min.js
payments.worthandco.com/lib_npm/datatables.net/js/ 		88 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/lib_npm/datatables.net/js/jquery.dataTables.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1651bbe7924988f5722c18880178c2c376057480bd08397838a4065b68ca5f3c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90d5659"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-product-box.css
payments.worthandco.com/plugins/misc.storis/styles/product/ 		206 B
293 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/misc.storis/styles/product/bundle-product-box.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cc71aed36e776ecce46d6c149b400245d0959356d2da5cc69967ad3463980c08
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 14:43:28 GMT
server
Microsoft-IIS/10.0
etag
"1da64d454d5e8ce"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-product-box-override.js
payments.worthandco.com/plugins/misc.storis/scripts/product/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/misc.storis/scripts/product/bundle-product-box-override.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bb01eb39794a9556b52ef9a136af322ab356362af456e77f4f85469314644b3c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:39:02 GMT
server
Microsoft-IIS/10.0
etag
"1da560f794646a8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
css
fonts.googleapis.com/ 		17 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300,700&display=swap
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3797b52b6841f7f9ff3b749dde37e768c622bd2fcd0b32c0dd94409652f85e25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 08 Mar 2024 21:58:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 Mar 2024 22:11:47 GMT
Homepage.Head.styles.css
payments.worthandco.com/css/ 		200 KB
44 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
44492b8ed1f92f74c58a60327692f66db4587f2fa1165d7684f233fd881c177d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Tue, 27 Feb 2024 19:15:35 GMT
server
Microsoft-IIS/10.0
etag
"me2XhZQU8etDF1I9PsWWPFXM1Sk"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
cache-control
max-age=31536000,immutable
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
googleeehelper.js
payments.worthandco.com/Plugins/FoxNetSoft.GoogleEnhancedEcommerce/Scripts/ 		12 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/Plugins/FoxNetSoft.GoogleEnhancedEcommerce/Scripts/googleeehelper.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
54533781c9697d87488d3d3b53e4d382ebe5b659363f67b5ccc56b773da2949b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:26 GMT
server
Microsoft-IIS/10.0
etag
"1da560db6a9f387"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
estorisgrid_v3.min.css
cdn.storisdesign.com/css/grid/ 		34 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.storisdesign.com/css/grid/estorisgrid_v3.min.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:435e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
3d43761e5a40192b80cd4ab123193cddd30a15268c4a17792fc9833ef8ff4537
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6567
x-powered-by
ASP.NET
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
strict-origin
last-modified
Tue, 04 Feb 2020 23:55:03 GMT
server
cloudflare
etag
W/"2c68e84b6dbd51:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OALUX4Lx6RaccxPLBC7flHtXUcGKNUNkuHb5N9PCD3ojsLLzCDtgM13CsU9WNfal3sk2w%2FVXT9Z6kqLtP9jRAwm1kvuSw6Q9%2B5qY3yehi%2BcAuFXia1HHKI1eSxv4MjRog1WDBEM8mxspXsMa534pgwlzJw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'
cf-ray
861629bc99a54240-EWR
bundle-storis-base.min.css
payments.worthandco.com/plugins/misc.storis/styles/ 		203 B
252 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/misc.storis/styles/bundle-storis-base.min.css?version=45.10.5.19767
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f25ec973c81ad3fa03f83a014625a12f4ef4aaa474b00a7bfaa2737ad3fde5a6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 14:43:24 GMT
server
Microsoft-IIS/10.0
etag
"1da64d452738ecb"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-storis-base.min.js
payments.worthandco.com/plugins/misc.storis/scripts/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/misc.storis/scripts/bundle-storis-base.min.js?version=45.10.5.19767
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
da1a5054041fb4335ae05960baddbfb70d0bd16c07bbd13afb48f8c11ee63f64
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:39:02 GMT
server
Microsoft-IIS/10.0
etag
"1da560f79464413"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-customer-open-orders.min.css
payments.worthandco.com/plugins/misc.storis/styles/customeraccount/ 		240 B
266 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/misc.storis/styles/customeraccount/bundle-customer-open-orders.min.css?version=45.10.5.19767
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
52a75745b895f9b00daeef47f9e7a934ae54eedae5e86dfb68d8b2c36a29acfb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 14:43:27 GMT
server
Microsoft-IIS/10.0
etag
"1da64d4543d5170"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-customer-open-orders.min.js
payments.worthandco.com/plugins/misc.storis/scripts/customeraccount/ 		217 B
249 B 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/misc.storis/scripts/customeraccount/bundle-customer-open-orders.min.js?version=45.10.5.19767
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2efcb700a85a13afffb8dc84d7a14acdfddc8797d7ce8757589785dc967c9e34
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:39:02 GMT
server
Microsoft-IIS/10.0
etag
"1da560f79464fd9"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
0000127_Worth_Logo_02-23-2023_secondary_logo_A.png
estorisspencerlive.blob.core.windows.net/thumbs/ 		58 KB
59 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://estorisspencerlive.blob.core.windows.net/thumbs/0000127_Worth_Logo_02-23-2023_secondary_logo_A.png
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.132.4 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
dd03fa1daa7e82bc9aac224e5b05a2a0aee4453f403c6bf7118a5e7c9da062cc

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 08 Mar 2024 22:11:47 GMT
Last-Modified
Tue, 27 Feb 2024 19:12:58 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
BUlKojRp1t6xPwvwag/UXw==
ETag
0x8DC37C81C542BD2
Content-Type
image/png
x-ms-request-id
ae35aa9b-301e-000c-15a5-71d401000000
x-ms-version
2009-09-19
Content-Length
59866
bundle-storeLocator-common.min.css
payments.worthandco.com/plugins/nop.plugins.storelocator.storis/styles/ 		239 B
268 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/nop.plugins.storelocator.storis/styles/bundle-storeLocator-common.min.css?version=45.10.5.19767
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5be6db8006a1879387fa5a728b36435efa738130fe4b8e0589b4fa77f5ebdb61
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 14:43:30 GMT
server
Microsoft-IIS/10.0
etag
"1da64d4560715ef"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-LocationFinder.min.js
payments.worthandco.com/Plugins/Nop.Plugins.StoreLocator.Storis/Scripts/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/Plugins/Nop.Plugins.StoreLocator.Storis/Scripts/bundle-LocationFinder.min.js?version=45.10.5.19767
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3582420b6d7f93061a32001444b57af2e53f577a55b667b32f661e777883dc96
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:33:08 GMT
server
Microsoft-IIS/10.0
etag
"1da560ea6462595"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
Homepage.Footer.scripts.js
payments.worthandco.com/js/ 		881 KB
350 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/js/Homepage.Footer.scripts.js?v=6TiGEjVSNaGsmPupunh9K9Pgq2s
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
188d8d149211bc347627fd6e91a32de3270c3cee2e124c5d874d2a85416e06b6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
gzip
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:32:58 GMT
server
Microsoft-IIS/10.0
etag
"6TiGEjVSNaGsmPupunh9K9Pgq2s"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
max-age=31536000,immutable
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
bundle-product-box-source-copy.css
payments.worthandco.com/plugins/misc.storis/styles/product/ 		126 B
191 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/misc.storis/styles/product/bundle-product-box-source-copy.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/plugins/misc.storis/styles/product/bundle-product-box.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c1e382db424ca3d990947091a458ca5ae35f3a9db940a7fee17688f3940c617b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/plugins/misc.storis/styles/product/bundle-product-box.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:39:02 GMT
server
Microsoft-IIS/10.0
etag
"1da560f79464f7e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-product-box-override.css
payments.worthandco.com/themes/storiscssoverrides/plugins/misc.storis/styles/product/ 		64 B
140 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/themes/storiscssoverrides/plugins/misc.storis/styles/product/bundle-product-box-override.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/plugins/misc.storis/styles/product/bundle-product-box.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
715b9941b5d7cb1e21290a8caa3cdd5f330f4c82de5e651ba91a3f5c80ee223c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/plugins/misc.storis/styles/product/bundle-product-box.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 14:43:28 GMT
server
Microsoft-IIS/10.0
etag
"1da64d454d5e840"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
gtm.js
www.googletagmanager.com/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers
ai.2.min.js
js.monitor.azure.com/scripts/b/ 		120 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.monitor.azure.com/scripts/b/ai.2.min.js
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
19f79b5c8e190cb3ec9005a46a8c8f27d005399d4ada47916853e88290085e32

Request headers

Referer
Origin
https://payments.worthandco.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
last-modified
Wed, 14 Feb 2024 19:25:27 GMT
x-ms-meta-aijssdkver
2.8.17
vary
Accept-Encoding
x-azure-ref
20240308T221147Z-k89vtm9hah0n7cgsdudmme1srs00000006n000000000h0xn
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
fedaba78-401e-008e-66f4-6c6dc3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-aijssdksrc,x-ms-meta-aijssdkver,x-ms-meta-lastmodified,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-cache
TCP_HIT
x-ms-version
2009-09-19
x-ms-meta-aijssdksrc
[cdn]/scripts/b/ai.2.8.17.min.js
x-fd-int-roxy-purgeid
0
bundle-storis-base-source-copy.min.css
payments.worthandco.com/plugins/misc.storis/styles/ 		14 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/misc.storis/styles/bundle-storis-base-source-copy.min.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/plugins/misc.storis/styles/bundle-storis-base.min.css?version=45.10.5.19767
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2a0b58db3c468ce88bd320f42cbd7f8be6370a06e480914326087dc637769d80
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/plugins/misc.storis/styles/bundle-storis-base.min.css?version=45.10.5.19767
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:39:02 GMT
server
Microsoft-IIS/10.0
etag
"1da560f79467943"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-storis-base-override.min.css
payments.worthandco.com/themes/storiscssoverrides/plugins/misc.storis/styles/ 		64 B
170 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/themes/storiscssoverrides/plugins/misc.storis/styles/bundle-storis-base-override.min.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/plugins/misc.storis/styles/bundle-storis-base.min.css?version=45.10.5.19767
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
715b9941b5d7cb1e21290a8caa3cdd5f330f4c82de5e651ba91a3f5c80ee223c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/plugins/misc.storis/styles/bundle-storis-base.min.css?version=45.10.5.19767
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 14:43:23 GMT
server
Microsoft-IIS/10.0
etag
"1da64d451daf7c0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-customer-open-orders-source-copy.min.css
payments.worthandco.com/plugins/misc.storis/styles/customeraccount/ 		2 KB
966 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/misc.storis/styles/customeraccount/bundle-customer-open-orders-source-copy.min.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/plugins/misc.storis/styles/customeraccount/bundle-customer-open-orders.min.css?version=45.10.5.19767
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
693f07c8bd1f95a2932885f89b42d63952a1ce6d4eda94db37ba4aa13c7abc59
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/plugins/misc.storis/styles/customeraccount/bundle-customer-open-orders.min.css?version=45.10.5.19767
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:39:02 GMT
server
Microsoft-IIS/10.0
etag
"1da560f79464888"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-customer-open-orders-override.min.css
payments.worthandco.com/themes/storiscssoverrides/plugins/misc.storis/styles/customeraccount/ 		64 B
189 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/themes/storiscssoverrides/plugins/misc.storis/styles/customeraccount/bundle-customer-open-orders-override.min.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/plugins/misc.storis/styles/customeraccount/bundle-customer-open-orders.min.css?version=45.10.5.19767
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
715b9941b5d7cb1e21290a8caa3cdd5f330f4c82de5e651ba91a3f5c80ee223c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/plugins/misc.storis/styles/customeraccount/bundle-customer-open-orders.min.css?version=45.10.5.19767
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 14:43:27 GMT
server
Microsoft-IIS/10.0
etag
"1da64d4543d51c0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://payments.worthandco.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 06:27:15 GMT
x-content-type-options
nosniff
age
229472
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 06:27:15 GMT
bundle-storelocator-common-source-copy.min.css
payments.worthandco.com/plugins/nop.plugins.storelocator.storis/styles/ 		1 KB
756 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/plugins/nop.plugins.storelocator.storis/styles/bundle-storelocator-common-source-copy.min.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/plugins/nop.plugins.storelocator.storis/styles/bundle-storeLocator-common.min.css?version=45.10.5.19767
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
02f1e339dae6c62c6d8f2e44aa1e392e4c5f11866b7dcd96a35f5eb8cabf1713
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/plugins/nop.plugins.storelocator.storis/styles/bundle-storeLocator-common.min.css?version=45.10.5.19767
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:33:08 GMT
server
Microsoft-IIS/10.0
etag
"1da560ea6463649"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
bundle-storelocator-common-override.min.css
payments.worthandco.com/themes/storiscssoverrides/plugins/nop.plugins.storelocator.storis/styles/ 		64 B
140 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/themes/storiscssoverrides/plugins/nop.plugins.storelocator.storis/styles/bundle-storelocator-common-override.min.css
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/plugins/nop.plugins.storelocator.storis/styles/bundle-storeLocator-common.min.css?version=45.10.5.19767
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
715b9941b5d7cb1e21290a8caa3cdd5f330f4c82de5e651ba91a3f5c80ee223c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/plugins/nop.plugins.storelocator.storis/styles/bundle-storeLocator-common.min.css?version=45.10.5.19767
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 14:43:30 GMT
server
Microsoft-IIS/10.0
etag
"1da64d456071540"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
search-button.png
payments.worthandco.com/Themes/Brooklyn/Content/img/ 		295 B
792 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payments.worthandco.com/Themes/Brooklyn/Content/img/search-button.png
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a77ced141f1d6edba45d6c39a78c340349080467cfb868032dd35e9e8771e53f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
content-length
295
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90c3627"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
wishlist-button.png
payments.worthandco.com/Themes/Brooklyn/Content/img/ 		381 B
485 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payments.worthandco.com/Themes/Brooklyn/Content/img/wishlist-button.png
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5d1e099bc67071a5d404276b5c69def1634a008651655308536890e64f286c02
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
content-length
381
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90c367d"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
cart-button.png
payments.worthandco.com/Themes/Brooklyn/Content/img/ 		377 B
444 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payments.worthandco.com/Themes/Brooklyn/Content/img/cart-button.png
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c26af30f3cf52c4655e43c9396279b26facc60c9adf8fb5630ace38e87b825e1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
content-length
377
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90c3679"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
social-icons-holder-shadow.png
payments.worthandco.com/Themes/Brooklyn/Content/img/ 		326 B
393 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payments.worthandco.com/Themes/Brooklyn/Content/img/social-icons-holder-shadow.png
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f11c0351599aafa747213f2ab4cb432bca8bb59a8ddc2bd03c38f57d804fc6d1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
content-length
326
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90c3646"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
subscribe-button.png
payments.worthandco.com/Themes/Brooklyn/Content/img/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payments.worthandco.com/Themes/Brooklyn/Content/img/subscribe-button.png
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7cd690faba6afd5736cd9da17d6cc9691eaca54569b0982be527ba2a665a2470
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
content-length
3084
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90c3b0c"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
getquickviewbutton
payments.worthandco.com/ 		71 B
684 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/getquickviewbutton?_=1709935907672
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/js/Homepage.Footer.scripts.js?v=6TiGEjVSNaGsmPupunh9K9Pgq2s
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
17002db412ed29d3780cc1bef403297e62c2cc23fe9cdff31d83239804c617c7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://payments.worthandco.com/
X-Requested-With
XMLHttpRequest
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json; charset=utf-8

Response headers

date
Fri, 08 Mar 2024 22:11:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
server
Microsoft-IIS/10.0
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
referrer-policy
same-origin
vary
Accept-Encoding
x-miniprofiler-ids
["c1e123e0-524a-49b6-be2a-0c1035b5e176"]
content-language
en-US
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
selector-button1.png
payments.worthandco.com/Themes/Brooklyn/Content/img/ 		144 B
241 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payments.worthandco.com/Themes/Brooklyn/Content/img/selector-button1.png
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
9e2634147ebf1766fb9ed16e418cf6bdf2c60c4da0ae4b2646319f8897c5427d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
content-length
144
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90c3790"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
flyout-cart-close-button.png
payments.worthandco.com/Themes/Brooklyn/Content/img/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payments.worthandco.com/Themes/Brooklyn/Content/img/flyout-cart-close-button.png
Requested by
Host: payments.worthandco.com
URL: https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6759ff28bb621db49f392160989efab7cd77cdfab7813da1b60893d1f640c6d2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://payments.worthandco.com/css/Homepage.Head.styles.css?v=me2XhZQU8etDF1I9PsWWPFXM1Sk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
content-length
1050
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
referrer-policy
same-origin
last-modified
Fri, 02 Feb 2024 19:26:30 GMT
server
Microsoft-IIS/10.0
etag
"1da560db90c331a"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public,max-age=31536000
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
accept-ranges
bytes
SetCustomerLocation
payments.worthandco.com/StoreLocator/ 		0
412 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/StoreLocator/SetCustomerLocation
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://payments.worthandco.com/
X-Requested-With
XMLHttpRequest
traceparent
00-a181ca8ebe894eeab075dfc06a8c4d16-b11c7d37fc7649e2-01
Request-Id
|a181ca8ebe894eeab075dfc06a8c4d16.b11c7d37fc7649e2
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
server
Microsoft-IIS/10.0
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
referrer-policy
same-origin
vary
Accept-Encoding
x-miniprofiler-ids
["1949d9e5-c784-4c18-8c2d-0a1331fcf8a6"]
content-language
en-US
content-type
text/plain; charset=utf-8
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
track
eastus2-0.in.applicationinsights.azure.com//v2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://eastus2-0.in.applicationinsights.azure.com//v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.99.75 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://payments.worthandco.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Fri, 08 Mar 2024 22:11:48 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
eastus2-0.in.applicationinsights.azure.com//v2/ 		49 B
157 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://eastus2-0.in.applicationinsights.azure.com//v2/track
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.99.75 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
2f06451e2da9bcec5593f0e5f8be5aaf93a584def5560838666f6ddcc0f90a19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Fri, 08 Mar 2024 22:11:48 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-length
49
content-type
application/json; charset=utf-8
HeaderNearestShop
payments.worthandco.com/StoreLocator/ 		970 B
958 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/StoreLocator/HeaderNearestShop?sku=
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bc050740e232b5e5e5fd932bf61145057b6e4b526cf690dd57d2e97fdeb59b7c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://payments.worthandco.com/
X-Requested-With
XMLHttpRequest
traceparent
00-a181ca8ebe894eeab075dfc06a8c4d16-45631cab990e4374-01
Request-Id
|a181ca8ebe894eeab075dfc06a8c4d16.45631cab990e4374
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
server
Microsoft-IIS/10.0
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
referrer-policy
same-origin
vary
Accept-Encoding
x-miniprofiler-ids
["c3d185bf-23a3-43e1-b644-c971b374d8ff"]
content-language
en-US
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3
FooterNearestShop
payments.worthandco.com/StoreLocator/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://payments.worthandco.com/StoreLocator/FooterNearestShop?sku=
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.49.97.30 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
029bd3da3d634b2d3ab0fc380febc7bc371a7cfcbebcc79904a429792e2aa9ae
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://payments.worthandco.com/
X-Requested-With
XMLHttpRequest
traceparent
00-a181ca8ebe894eeab075dfc06a8c4d16-979e38580e004137-01
Request-Id
|a181ca8ebe894eeab075dfc06a8c4d16.979e38580e004137
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:11:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
server
Microsoft-IIS/10.0
content-security-policy
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
referrer-policy
same-origin
vary
Accept-Encoding
x-miniprofiler-ids
["f097b343-a1b5-4f9f-93ae-f2d083214567"]
content-language
en-US
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=*, usb=()
x-xss-protection
1; mode=block
request-context
appId=cid-v1:76b346f6-f411-4b4e-a9a7-e7ca5359eec3

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| $jscomp function| $jscomp$lookupPolyfilledValue function| DataTable object| GoogleEEHelper object| GEE_productImpressions object| GEE_productDetails object| GEE_cartproducts object| GEE_wishlistproducts object| dataLayer object| appInsights object| storis function| openOrdersNotificationDismissed object| locationFinder function| deferjqueryloadingGoogleEnhancedEcommerce function| OpenWindow function| setLocation function| displayAjaxLoading function| displayPopupNotification function| displayJoinedPopupNotifications function| displayPopupContentFromUrl function| displayBarNotification function| htmlEncode function| htmlDecode function| addAntiForgeryToken object| AjaxCart object| kendo object| sevenSpikesCore object| CatalogProducts object| nopAjaxCart object| nopProductRibbons function| qq function| Ta function| CloudZoom object| nopSalesCampaigns object| footable number| SCROLLBAR_WIDTH object| sevenSpikesEx object| themeSettings object| localized_data function| newsletter_subscribe undefined| retrieveChangeLocationDataBadcockUrl undefined| changeNearestShopBadcockUrl object| mainSelect object| Microsoft object| __dynProto$Gbl

7 Cookies

Domain/Path Name / Value
payments.worthandco.com/ Name: .Nop.Antiforgery
Value: CfDJ8OvAS0aHUvpEohaxMVOHrrDca7v6ardJ_7eQuCbodtY8Pe3_eNBpUk-7xwkVeIU_4k0uxIAClehJBH3VpwXJAwaXCqPdbJ7U5mgA9bQMUy7IqAwLpSdHotDs-ZRjjwMb0M4bdtIY2YmvWMIR63v98YY
.payments.worthandco.com/ Name: ARRAffinity
Value: 9f47e4ef040c55dc18f808a2f8fd57e4a39760bd56411fbfbe6a819cd50dbf8d
.payments.worthandco.com/ Name: ARRAffinitySameSite
Value: 9f47e4ef040c55dc18f808a2f8fd57e4a39760bd56411fbfbe6a819cd50dbf8d
payments.worthandco.com/ Name: ai_user
Value: Ya2ddjwI998ryuav+2orou|2024-03-08T22:11:47.902Z
payments.worthandco.com/ Name: ai_session
Value: niA/c18bIm+Oz4Nr8z1FIP|1709935908113|1709935908113
payments.worthandco.com/ Name: .Nop.Customer
Value: 4282d529-47fc-4009-9d5e-ad39252396c2
payments.worthandco.com/ Name: .Nop.Culture
Value: c%3Den-US%7Cuic%3Den-US

1 Console Messages

Source Level URL
Text
network error URL: https://www.googletagmanager.com/gtm.js?id=
Message:
Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.storisdesign.com
eastus2-0.in.applicationinsights.azure.com
estorisspencerlive.blob.core.windows.net
fonts.googleapis.com
fonts.gstatic.com
js.monitor.azure.com
payments.worthandco.com
www.googletagmanager.com
20.49.97.30
20.49.99.75
20.60.132.4
2606:4700:3031::6815:435e
2607:f8b0:4006:816::200a
2607:f8b0:4006:823::2008
2607:f8b0:4006:824::2003
2620:1ec:bdf::40
029bd3da3d634b2d3ab0fc380febc7bc371a7cfcbebcc79904a429792e2aa9ae
02f1e339dae6c62c6d8f2e44aa1e392e4c5f11866b7dcd96a35f5eb8cabf1713
1651bbe7924988f5722c18880178c2c376057480bd08397838a4065b68ca5f3c
17002db412ed29d3780cc1bef403297e62c2cc23fe9cdff31d83239804c617c7
188d8d149211bc347627fd6e91a32de3270c3cee2e124c5d874d2a85416e06b6
19f79b5c8e190cb3ec9005a46a8c8f27d005399d4ada47916853e88290085e32
1dbaf5514fd28b2c0a6287ed414932eb75fe45f3a26c0d7a3265a29c497e043f
1fc39d86f356a710875ddf4eb30f11ef23ac5a3f4240a183325ba361506c60cc
2a0b58db3c468ce88bd320f42cbd7f8be6370a06e480914326087dc637769d80
2efcb700a85a13afffb8dc84d7a14acdfddc8797d7ce8757589785dc967c9e34
2f06451e2da9bcec5593f0e5f8be5aaf93a584def5560838666f6ddcc0f90a19
3582420b6d7f93061a32001444b57af2e53f577a55b667b32f661e777883dc96
3797b52b6841f7f9ff3b749dde37e768c622bd2fcd0b32c0dd94409652f85e25
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3d43761e5a40192b80cd4ab123193cddd30a15268c4a17792fc9833ef8ff4537
44492b8ed1f92f74c58a60327692f66db4587f2fa1165d7684f233fd881c177d
52a75745b895f9b00daeef47f9e7a934ae54eedae5e86dfb68d8b2c36a29acfb
54533781c9697d87488d3d3b53e4d382ebe5b659363f67b5ccc56b773da2949b
5be6db8006a1879387fa5a728b36435efa738130fe4b8e0589b4fa77f5ebdb61
5d1e099bc67071a5d404276b5c69def1634a008651655308536890e64f286c02
6759ff28bb621db49f392160989efab7cd77cdfab7813da1b60893d1f640c6d2
693f07c8bd1f95a2932885f89b42d63952a1ce6d4eda94db37ba4aa13c7abc59
715b9941b5d7cb1e21290a8caa3cdd5f330f4c82de5e651ba91a3f5c80ee223c
7cd690faba6afd5736cd9da17d6cc9691eaca54569b0982be527ba2a665a2470
88982d9fb39a58b976bbf7fcc48c86cf6d29ea7a559484393a80bae214b2be4c
9d9b75e6bf99296f7797ed12f73137f52966dbb02180ff054c6c01680c7bdb1d
9e2634147ebf1766fb9ed16e418cf6bdf2c60c4da0ae4b2646319f8897c5427d
a650b7af58c97cadfec5d3ff55095b8ecb6980347adce46bae8f41620448b0f5
a77ced141f1d6edba45d6c39a78c340349080467cfb868032dd35e9e8771e53f
b0a45cd5aed66e27bd8ee861d0e3b782c8e79849bde32f90f078b9f2451a36f2
bb01eb39794a9556b52ef9a136af322ab356362af456e77f4f85469314644b3c
bc050740e232b5e5e5fd932bf61145057b6e4b526cf690dd57d2e97fdeb59b7c
bf13097a5fe9ea9435c54585d0d07a5a8023a27a39c7bf2aee50c82fce99d4fd
c1e382db424ca3d990947091a458ca5ae35f3a9db940a7fee17688f3940c617b
c26af30f3cf52c4655e43c9396279b26facc60c9adf8fb5630ace38e87b825e1
cc71aed36e776ecce46d6c149b400245d0959356d2da5cc69967ad3463980c08
ccfdf512dde079a8284cc2bff0a3fd5ae5f3d8b304f2a4bd5d7f0a7e061858a4
da1a5054041fb4335ae05960baddbfb70d0bd16c07bbd13afb48f8c11ee63f64
dd03fa1daa7e82bc9aac224e5b05a2a0aee4453f403c6bf7118a5e7c9da062cc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9ed0df9626254a05e4e2b4ad46292c0f8b7adb74fa4bb6ea9a8a2b598de0f6c
eec47adc0217aa592a6eaed238d2479393f54642e5657b8f6e575e50f306c101
f11c0351599aafa747213f2ab4cb432bca8bb59a8ddc2bd03c38f57d804fc6d1
f25ec973c81ad3fa03f83a014625a12f4ef4aaa474b00a7bfaa2737ad3fde5a6