urlscan.io logo urlscan.io
SecurityTrails logo

www.manulife-travel.ca Open in urlscan Pro
23.203.177.178  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://manulife-travel.ca/
Effective URL: https://www.manulife-travel.ca/
Submission: On September 19 via manual from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 1 countries across 6 domains to perform 31 HTTP transactions. The main IP is 23.203.177.178, located in Piscataway, United States and belongs to AKAMAI-AS, US. The main domain is www.manulife-travel.ca.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on August 8th 2024. Valid for: a year.
This is the only time www.manulife-travel.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.74.99.103 397215 (SECURITYS...)
21 23.203.177.178 16625 (AKAMAI-AS)
1 2607:f8b0:400... 15169 (GOOGLE)
3 2600:141b:1c0... 20940 (AKAMAI-ASN1)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 2607:f8b0:400... 15169 (GOOGLE)
1 63.140.38.210 14618 (AMAZON-AES)
31 7
1    204.74.99.103 (United States)

ASN397215 (SECURITYSERVICES, US)
manulife-travel.ca
21    23.203.177.178 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-203-177-178.deploy.static.akamaitechnologies.com
www.manulife-travel.ca
1    2607:f8b0:4006:81e::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2600:141b:1c00:20a3::1e80 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
2    2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2607:f8b0:4006:816::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    63.140.38.210 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-38-210.data.adobedc.net
manulife.122.2o7.net
Apex Domain
Subdomains		 Transfer
22 manulife-travel.ca
manulife-travel.ca
www.manulife-travel.ca
1 MB
3 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 452
80 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 43
173 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 178
76 KB
1 2o7.net
manulife.122.2o7.net
344 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
985 B
31 6
Domain Requested by
21 www.manulife-travel.ca www.manulife-travel.ca
3 assets.adobedtm.com www.manulife-travel.ca
assets.adobedtm.com
2 www.googletagmanager.com assets.adobedtm.com
www.googletagmanager.com
2 connect.facebook.net assets.adobedtm.com
connect.facebook.net
1 manulife.122.2o7.net www.manulife-travel.ca
1 fonts.googleapis.com www.manulife-travel.ca
1 manulife-travel.ca 1 redirects
31 7
Subject Issuer Validity Valid
manulife.com
Sectigo RSA Organization Validation Secure Server CA		 2024-08-08 -
2025-08-08		 a year crt.sh
upload.video.google.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-09 -
2025-08-09		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-06-28 -
2024-09-26		 3 months crt.sh
*.google-analytics.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
*.112.2o7.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-04-11 -
2025-05-12		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.manulife-travel.ca/
Frame ID: 8B0D176599ED06EE5B2403BD8A91DBF0
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Manulife Financial Travel Insurance | SISIP

Page URL History Show full URLs

  1. http://manulife-travel.ca/ HTTP 307
    https://manulife-travel.ca/ HTTP 307
    http://manulife-travel.ca/ HTTP 301
    http://www.manulife-travel.ca/ HTTP 307
    https://www.manulife-travel.ca/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/
  • /etc\.clientlibs/
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

31
Requests

97 %
HTTPS

57 %
IPv6

6
Domains

7
Subdomains

7
IPs

1
Countries

1433 kB
Transfer

2596 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://manulife-travel.ca/ HTTP 307
    https://manulife-travel.ca/ HTTP 307
    http://manulife-travel.ca/ HTTP 301
    http://www.manulife-travel.ca/ HTTP 307
    https://www.manulife-travel.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.manulife-travel.ca/
Redirect Chain
  • http://manulife-travel.ca/
  • https://manulife-travel.ca/
  • http://manulife-travel.ca/
  • http://www.manulife-travel.ca/
  • https://www.manulife-travel.ca/
54 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
d511d6c8b51cd4e4c756d6eebeaabe6928bf812251713a3e261e9c8b062f0f43
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache,no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Length
8858
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Content-Type
text/html; charset=utf-8
Date
Thu, 19 Sep 2024 19:24:39 GMT
Expires
-1
Pragma
no-cache
Server
istio-envoy
Vary
Accept-Encoding
X-Akamai-Transformed
9 - 0 pmb=mTOE,1
strict-transport-security
max-age=31536000;
x-content-type-options
nosniff
x-envoy-upstream-service-time
8
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

Location
https://www.manulife-travel.ca/
Non-Authoritative-Reason
HttpsUpgrades
css
fonts.googleapis.com/ 		3 KB
985 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway:400,800
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
af7b7cee3ef0607c7efe2f16fb0081aa56b5135fe68866159bc932ac8af322f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 19 Sep 2024 19:24:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Sep 2024 19:24:39 GMT
content-type
text/css; charset=utf-8
last-modified
Thu, 19 Sep 2024 18:56:35 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
jquery.min.af853ecfa49767fc5bb02724f0c2741c.js
www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/ 		91 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/jquery.min.af853ecfa49767fc5bb02724f0c2741c.js
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
52dfe08eca14033c4ac9b8ed7cbb05fd8f9e0d74e6ed2800feb73d2b0a751521
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
12
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
93153
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
text/javascript
Server
istio-envoy
x-frame-options
SAMEORIGIN
main.min.0b91fa7efde137e72cb339b79d2a3f3b.css
www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/ 		219 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
9bf99d2f202bc33c00523146e4e2ba64d61dd406e6eb4ed87d8438f27253b3a0
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
Content-Encoding
gzip
x-envoy-upstream-service-time
14
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
35615
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
text/css
Vary
Accept-Encoding
Server
istio-envoy
x-frame-options
SAMEORIGIN
default.css
www.manulife-travel.ca/etc/designs/ 		0
0
launch-80a681ce3a6b.min.js
assets.adobedtm.com/b84dbf01908c/bfbe003d091e/ 		250 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/b84dbf01908c/bfbe003d091e/launch-80a681ce3a6b.min.js
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:20a3::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
f3eb1abd870c7948bf631887c598ac572e50e1e502cd86a75401e0ea2f11618d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"6f2f02206583d4d2c6e0d413a8c767cf:1687202999.662593"
expires
Thu, 19 Sep 2024 20:24:39 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.manulife-travel.ca
content-length
67324
date
Thu, 19 Sep 2024 19:24:39 GMT
content-type
application/x-javascript
last-modified
Mon, 19 Jun 2023 19:29:59 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
manulife_logo_mobile_en.png
www.manulife-travel.ca/content/dam/cm-travel/b2cshared/sharedimages/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/content/dam/cm-travel/b2cshared/sharedimages/manulife_logo_mobile_en.png
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
e9028059af4cfe8d18897c63241c10a726145cb4ce06558e16cc17576d78d313
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
4
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
6935
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/png
Server
istio-envoy
x-frame-options
SAMEORIGIN
logo_mobile_en.jpg
www.manulife-travel.ca/content/dam/cm-travel/sisip/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/content/dam/cm-travel/sisip/logo_mobile_en.jpg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
a8f57a13be156511fd80bbcfe4a003189137e324410c985d7e18c087fa807bd8
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
4
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
24429
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/jpeg
Server
istio-envoy
x-frame-options
SAMEORIGIN
manulife_logo_desktop_en.png
www.manulife-travel.ca/content/dam/cm-travel/b2cshared/sharedimages/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/content/dam/cm-travel/b2cshared/sharedimages/manulife_logo_desktop_en.png
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
13c932aa883a5383dbc1beea1c30623fa4b2b19377511ee2ea2ef3d2051851c6
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
8
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
11891
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/png
Server
istio-envoy
x-frame-options
SAMEORIGIN
logo_desktop_en.jpg
www.manulife-travel.ca/content/dam/cm-travel/sisip/ 		32 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/content/dam/cm-travel/sisip/logo_desktop_en.jpg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
e0788c3b913bf80d562e3ba9ebe9cf252567e3f918125c1c0cf7aa6e8b2985e6
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
6
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
33218
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/jpeg
Server
istio-envoy
x-frame-options
SAMEORIGIN
SISIP_2840x630.jpg
www.manulife-travel.ca/content/dam/cm-travel/sisip/old_banners/ 		368 KB
369 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/content/dam/cm-travel/sisip/old_banners/SISIP_2840x630.jpg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
2ecab435e452d65a1f7a485d3839d9d42d8ae63b35011c84616d15062f3e632d
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
19
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
376848
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/jpeg
Server
istio-envoy
x-frame-options
SAMEORIGIN
SISIP_620x240.jpg
www.manulife-travel.ca/content/dam/cm-travel/sisip/old_banners/ 		67 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/content/dam/cm-travel/sisip/old_banners/SISIP_620x240.jpg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
36b4a3028c71964f7dab32ce8a512ccbbc3636f71dbac83f9c0256b9445527c1
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
16
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
68575
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/jpeg
Server
istio-envoy
x-frame-options
SAMEORIGIN
footer_logo_en.png
www.manulife-travel.ca/content/dam/cm-travel/b2cshared/sharedimages/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/content/dam/cm-travel/b2cshared/sharedimages/footer_logo_en.png
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
865bb96275ce556ef123fb4e2c7b4b5e6a10ffbfa21e264f6f5025770e38e739
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
4
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
10796
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/png
Server
istio-envoy
x-frame-options
SAMEORIGIN
main.min.3138d0217abf44a54480c9ec01df341c.js
www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/ 		252 KB
253 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.3138d0217abf44a54480c9ec01df341c.js
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
570d069329a7bdcb1b1cbcc35bcdedc91eb5c7ba781f29e262a1ef70d2ddbb21
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
23
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
257890
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
text/javascript
Server
istio-envoy
x-frame-options
SAMEORIGIN
V0KHVMCw4B
www.manulife-travel.ca/sdUxvDEqH3/Xqyps6uf51/G10QtXQJfLmQYm/L1c7Ag/Cm/ 		304 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.manulife-travel.ca/sdUxvDEqH3/Xqyps6uf51/G10QtXQJfLmQYm/L1c7Ag/Cm/V0KHVMCw4B
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
129dae017eb0466fee04c62545d32c82f25f6c4b8666e7f6cf0fe136c4fae20a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

Cache-Control
max-age=21600, max-age=21600
Content-Encoding
br
ETag
"82a679ea702a91e1174e5fa0c087aff84c6a2688708281eba842adcac4c0ebdb"
Connection
keep-alive
Content-Length
106244
Date
Thu, 19 Sep 2024 19:24:39 GMT
Stored-Attribute-Sha-Checksum
129dae017eb0466fee04c62545d32c82f25f6c4b8666e7f6cf0fe136c4fae20a
Last-Modified
Tue, 03 Sep 2024 15:50:47 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
ico-nav-arrow.svg
www.manulife-travel.ca/etc/designs/cm-travel/images/layout/ 		436 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/etc/designs/cm-travel/images/layout/ico-nav-arrow.svg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
65ef8a47223237aa4d0041af22ade0e5ebb4cc5387bf74a36ba29f7d9b321329
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
5
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
436
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/svg+xml
Server
istio-envoy
x-frame-options
SAMEORIGIN
facebook-icon.svg
www.manulife-travel.ca/etc/designs/cm-travel/images/layout/ 		788 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/etc/designs/cm-travel/images/layout/facebook-icon.svg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
f3c7a0019d334743164d41c3f17d1ad376692a0a43fc772eb45888c054501809
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
5
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
788
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/svg+xml
Server
istio-envoy
x-frame-options
SAMEORIGIN
twitter-icon.svg
www.manulife-travel.ca/etc/designs/cm-travel/images/layout/ 		1 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/etc/designs/cm-travel/images/layout/twitter-icon.svg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
ffde22e733d68d81f4675c55e598eb5c917ee5ac97784f12f91d116a82989c4f
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
3
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
1413
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/svg+xml
Server
istio-envoy
x-frame-options
SAMEORIGIN
instagram-icon.svg
www.manulife-travel.ca/etc/designs/cm-travel/images/layout/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/etc/designs/cm-travel/images/layout/instagram-icon.svg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
24155e4a03c4f85390f18425c1646cb05fe9d71ff673a9f45f8f4a6d2cac8d0d
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
3
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
1095
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/svg+xml
Server
istio-envoy
x-frame-options
SAMEORIGIN
linkedin-icon.svg
www.manulife-travel.ca/etc/designs/cm-travel/images/layout/ 		876 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/etc/designs/cm-travel/images/layout/linkedin-icon.svg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
845016e7759d25ec8cf6fdd8b5f4c1793fbe6d7574aad2bd5f75d5e6584da0c8
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
4
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
876
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/svg+xml
Server
istio-envoy
x-frame-options
SAMEORIGIN
youtube-icon.svg
www.manulife-travel.ca/etc/designs/cm-travel/images/layout/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.manulife-travel.ca/etc/designs/cm-travel/images/layout/youtube-icon.svg
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
ddc9713023e1dc06c5f200d292771a2acb1dee430b69bd534ce52378e95ff057
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
4
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
1108
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
image/svg+xml
Server
istio-envoy
x-frame-options
SAMEORIGIN
MaterialIcons-Regular.woff2
www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main/resources/fonts/ 		43 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main/resources/fonts/MaterialIcons-Regular.woff2
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
42da7f7d8a64598ab8fd9baa18e88fa09288f43ae4c90e9a47441ee6810da0e3
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.manulife-travel.ca
Referer
https://www.manulife-travel.ca/etc.clientlibs/cm-travel/clientlibs/main.min.0b91fa7efde137e72cb339b79d2a3f3b.css

Response headers

Transfer-Encoding
chunked
strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
Content-Encoding
gzip
x-envoy-upstream-service-time
9
x-permitted-cross-domain-policies
none
Connection
keep-alive, Transfer-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
text/html
Vary
Accept-Encoding
Server
istio-envoy
x-frame-options
SAMEORIGIN
get_params
www.manulife-travel.ca/_bm/ 		227 B
780 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.manulife-travel.ca/_bm/get_params?type=web-jsto
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/sdUxvDEqH3/Xqyps6uf51/G10QtXQJfLmQYm/L1c7Ag/Cm/V0KHVMCw4B
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
38570eb09cd9feba8f4c454f49dc946e0647a722fe8e38071c6a11c7319786b7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

Content-Length
227
Date
Thu, 19 Sep 2024 19:24:39 GMT
Content-Type
application/json
Connection
keep-alive
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/b84dbf01908c/bfbe003d091e/launch-80a681ce3a6b.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:20a3::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
expires
Thu, 19 Sep 2024 20:24:40 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.manulife-travel.ca
content-length
12163
date
Thu, 19 Sep 2024 19:24:40 GMT
content-type
application/x-javascript
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/b84dbf01908c/bfbe003d091e/launch-80a681ce3a6b.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:20a3::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
expires
Thu, 19 Sep 2024 20:24:39 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.manulife-travel.ca
content-length
1597
date
Thu, 19 Sep 2024 19:24:39 GMT
content-type
application/x-javascript
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
fbevents.js
connect.facebook.net/en_US/ 		225 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/b84dbf01908c/bfbe003d091e/launch-80a681ce3a6b.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
edge-control
cache-maxage=10m
date
Thu, 19 Sep 2024 19:24:40 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
GOOD; q=0.7, rtt=56, rtx=0, c=23, mss=1232, tbw=5678, tp=10, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
r73TP0hHG8mW6t7lSN+IOsfNQMwSmkPX5RhqqUIGh6ptdzpMLFUfuxRPj40mN4dhaIfWRJQBH0TlQSiQuFR4+A==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
58953
x-xss-protection
0
origin-agent-cluster
?0
js
www.googletagmanager.com/gtag/ 		244 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-714328702&l=dataLayer
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/b84dbf01908c/bfbe003d091e/launch-80a681ce3a6b.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a51a465a368bc3ab873552beb540635fa907d93dfcea63b6f2d19d71389a7ff5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

content-encoding
br
expires
Thu, 19 Sep 2024 19:24:40 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Sep 2024 19:24:40 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 19 Sep 2024 18:43:17 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
88303
x-xss-protection
0
server
Google Tag Manager
s61131131324600
manulife.122.2o7.net/b/ss/manumfti/1/JS-2.22.4-LDQM/ 		43 B
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://manulife.122.2o7.net/b/ss/manumfti/1/JS-2.22.4-LDQM/s61131131324600?AQB=1&ndh=1&pf=1&t=19%2F8%2F2024%2012%3A24%3A40%204%20420&mid=77997866130047472429215121157293451255&ce=UTF-8&ns=manulife&pageName=%2F&g=https%3A%2F%2Fwww.manulife-travel.ca%2F&c.&getPreviousValue=3.0&getNewRepeat=3.0&.c&cc=CAD&v2=New&c3=SISIP%20logo&v3=1&c4=mfti&c5=en&v6=SISIP%20logo&v7=mfti&v8=en&c19=manulife%20financial%20travel%20insurance%20%7C%20sisip&v23=manulife%20financial%20travel%20insurance%20%7C%20sisip&c24=manulife%20financial%20travel%20insurance%20%7C%20sisip&v52=manulife%20financial%20travel%20insurance%20%7C%20sisip&v54=www.manulife-travel.ca&v118=https%3A%2F%2Fwww.manulife-travel.ca%2F&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=37B127E253DB11F10A490D4E%40AdobeOrg&AQE=1
Requested by
Host: www.manulife-travel.ca
URL: https://www.manulife-travel.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.38.210 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ip-63-140-38-210.data.adobedc.net
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

cache-control
no-cache, no-store, max-age=0, no-transform, private
pragma
no-cache
etag
3708218671556132864-4618501983211614301
x-content-type-options
nosniff
expires
Wed, 18 Sep 2024 19:24:40 GMT
access-control-allow-origin
*
p3p
CP="This is not a P3P policy"
content-length
43
date
Thu, 19 Sep 2024 19:24:40 GMT
x-xss-protection
1; mode=block
last-modified
Fri, 20 Sep 2024 19:24:40 GMT
vary
*
server
jag
content-type
image/gif;charset=utf-8
150026080405999
connect.facebook.net/signals/config/ 		90 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/150026080405999?v=2.9.167&r=stable&domain=www.manulife-travel.ca&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d733bd11ad76ded7e39620756ac84561ccbe45017dda63bc9c2e42c004cc7afe
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
edge-control
cache-maxage=10m
date
Thu, 19 Sep 2024 19:24:40 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
GOOD; q=0.7, rtt=57, rtx=0, c=74, mss=1232, tbw=68350, tp=63, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
x1rzA1MSnExbzRXVh4fwiL4wPUzONzH+fkgDCDlSQ9GBuFu9kR1k0gJJnsh1QMO2MHbSwvoV1i54bR4oMmLjYw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
18932
x-xss-protection
0
js
www.googletagmanager.com/gtag/ 		242 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10826534458&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-714328702&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4134232c6e7b7dafbc18b0a4f39e84005efa229e762da4e013a79949a1f2808f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

content-encoding
br
expires
Thu, 19 Sep 2024 19:24:40 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Sep 2024 19:24:40 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 19 Sep 2024 18:43:17 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
87981
x-xss-protection
0
server
Google Tag Manager
favicon.ico
www.manulife-travel.ca/content/dam/cm-travel/ 		15 KB
16 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.manulife-travel.ca/content/dam/cm-travel/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.177.178 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-177-178.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
8e638f733b3925aeec3859826082c062dd4ac204ebd73f683a41de3a5b34eae2
Security Headers
Name Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.manulife-travel.ca/

Response headers

strict-transport-security
max-age=31536000;
Content-Security-Policy
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Cache-Control
public,max-age=86400
x-envoy-upstream-service-time
5
x-permitted-cross-domain-policies
none
Connection
keep-alive
x-content-type-options
nosniff
Content-Length
15406
x-xss-protection
1; mode=block
Date
Thu, 19 Sep 2024 19:24:40 GMT
Content-Type
image/x-icon
Server
istio-envoy
x-frame-options
SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.manulife-travel.ca
URL
https://www.manulife-travel.ca/etc/designs/default.css

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| navbarstate function| setCookie function| thFontSizeCalculate function| stickyHeader function| destroyStickyHeader function| TabClick function| planHeadingHeight function| isExternalLink function| getUrlParameter function| addQueryParam function| addMktParam function| $bu_getBrowser function| $buo function| Tether function| Popper object| bootstrap object| _buorgres object| _cf object| bmak string| _sdTrace object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| fbq function| _fbq object| dataLayer function| gtag object| aaPlugins function| cookieWrite function| cookieRead string| g function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq function| getNewRepeat object| s_i_manumfti object| google_tag_manager object| google_tag_data

7 Cookies

Domain/Path Name / Value
www.manulife-travel.ca/ Name: .TravelB2C
Value: CfDJ8Eh%2BYZA7QGxCjYWcSgbhTlKNqr%2FTMH70Hql6Cpwhgu8jBhzFvzQTMyaL4%2FwmIY7gC6lasWY10AyL7JrSe1DOTPMzoRJ1MeFlx2coDiwnlXv2Lv%2F2r3AlJr0BXUy3bEbxySu4pVUgX%2BqJwBCW0TjXQp0x4ay9mQeI50CY3EIWmMAU
.manulife-travel.ca/ Name: ak_bmsc
Value: B434D9D3EB106DD86E3F810EC2B61FB4~000000000000000000000000000000~YAAQRHjOF5bvud2RAQAA4mC+CxkY/m4pJIYCAmMU9Qtq5fZ7f07sE+sye5qr2GVH7FtDHUj+52oqOTzgCBSrr0tmcwPGn0ePJ6BhjnGOLH0kXZGDt6tlxLwY9pkZspnsbiRDcyn7se3sYrpMysMQWfMyj5F3nQJhikivG6lqt/53fK6yawlHpoZ8V0V5KhJ/nEH/pN5yGmLhbw6rDbZ72PiRYKS77L+gwMNDzDuqZmWB5LqoAk3SagX1nclgN6Pl1rKNN8n9xVXTLEw6Rg573NhOtgcrQAJjxK3XzOhuwwCaOPl7Eqd/m+xMbtoPfoP7TauG/Vpeb7Nuuxh+PiCSC2vwEp2KJoSIqw3Kz8rhcXyxn3gUmcyligcOUcs4g1uX98kriKkoLA==
.manulife-travel.ca/ Name: bm_sv
Value: 9775E52D3A0B3919F9A4C245C7B90A39~YAAQRHjOF6Pwud2RAQAAgWS+CxnHWbeV/y0/6pgG9vCtZKhyFYHLGzXj23SCg/MwqDMAma7XwV39naz457BwwPIQ/zVSTeT//YKKvehuGjs1gId0aNXofcDvtjgkAeLENX/jmpj9nItVPs72DJ2lbaxuiNcsNV5kfeOaNLjQK6YbAJy73B5TtM4yJAs1tqss54sfuQTjvjilHLURX9JWuUMnfE5wnwY1tx1Cigd1dsRLo7BOGCU+G4F+Aac+zinblVICYG8r8dI=~1
.manulife-travel.ca/ Name: AMCV_37B127E253DB11F10A490D4E%40AdobeOrg
Value: 1176715910%7CMCIDTS%7C19986%7CMCMID%7C77997866130047472429215121157293451255%7CvVersion%7C5.4.0
.manulife-travel.ca/ Name: s_nr30
Value: 1726773879986-New
.manulife-travel.ca/ Name: s_cc
Value: true
.manulife-travel.ca/ Name: _gcl_au
Value: 1.1.490999575.1726773881

1 Console Messages

Source Level URL
Text
security error URL: https://www.manulife-travel.ca/
Message:
Refused to apply style from 'https://www.manulife-travel.ca/etc/designs/default.css' because its MIME type ('') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/ https://www3.moneris.com/;
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
connect.facebook.net
fonts.googleapis.com
manulife-travel.ca
manulife.122.2o7.net
www.googletagmanager.com
www.manulife-travel.ca
www.manulife-travel.ca
204.74.99.103
23.203.177.178
2600:141b:1c00:20a3::1e80
2607:f8b0:4006:816::2008
2607:f8b0:4006:81e::200a
2a03:2880:f012:10c:face:b00c:0:3
63.140.38.210
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
129dae017eb0466fee04c62545d32c82f25f6c4b8666e7f6cf0fe136c4fae20a
13c932aa883a5383dbc1beea1c30623fa4b2b19377511ee2ea2ef3d2051851c6
24155e4a03c4f85390f18425c1646cb05fe9d71ff673a9f45f8f4a6d2cac8d0d
2ecab435e452d65a1f7a485d3839d9d42d8ae63b35011c84616d15062f3e632d
36b4a3028c71964f7dab32ce8a512ccbbc3636f71dbac83f9c0256b9445527c1
38570eb09cd9feba8f4c454f49dc946e0647a722fe8e38071c6a11c7319786b7
4134232c6e7b7dafbc18b0a4f39e84005efa229e762da4e013a79949a1f2808f
42da7f7d8a64598ab8fd9baa18e88fa09288f43ae4c90e9a47441ee6810da0e3
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
52dfe08eca14033c4ac9b8ed7cbb05fd8f9e0d74e6ed2800feb73d2b0a751521
570d069329a7bdcb1b1cbcc35bcdedc91eb5c7ba781f29e262a1ef70d2ddbb21
65ef8a47223237aa4d0041af22ade0e5ebb4cc5387bf74a36ba29f7d9b321329
845016e7759d25ec8cf6fdd8b5f4c1793fbe6d7574aad2bd5f75d5e6584da0c8
865bb96275ce556ef123fb4e2c7b4b5e6a10ffbfa21e264f6f5025770e38e739
8e638f733b3925aeec3859826082c062dd4ac204ebd73f683a41de3a5b34eae2
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
9bf99d2f202bc33c00523146e4e2ba64d61dd406e6eb4ed87d8438f27253b3a0
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a51a465a368bc3ab873552beb540635fa907d93dfcea63b6f2d19d71389a7ff5
a8f57a13be156511fd80bbcfe4a003189137e324410c985d7e18c087fa807bd8
af7b7cee3ef0607c7efe2f16fb0081aa56b5135fe68866159bc932ac8af322f9
d511d6c8b51cd4e4c756d6eebeaabe6928bf812251713a3e261e9c8b062f0f43
d733bd11ad76ded7e39620756ac84561ccbe45017dda63bc9c2e42c004cc7afe
ddc9713023e1dc06c5f200d292771a2acb1dee430b69bd534ce52378e95ff057
e0788c3b913bf80d562e3ba9ebe9cf252567e3f918125c1c0cf7aa6e8b2985e6
e9028059af4cfe8d18897c63241c10a726145cb4ce06558e16cc17576d78d313
f3c7a0019d334743164d41c3f17d1ad376692a0a43fc772eb45888c054501809
f3eb1abd870c7948bf631887c598ac572e50e1e502cd86a75401e0ea2f11618d
ffde22e733d68d81f4675c55e598eb5c917ee5ac97784f12f91d116a82989c4f