urlscan.io logo urlscan.io
SecurityTrails logo

ci2.plymouthrock.com Open in urlscan Pro
2600:9000:2127:6400:16:19de:2b00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://ci2.plymouthrock.com/qpay/login
Submission: On April 27 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 18 HTTP transactions. The main IP is 2600:9000:2127:6400:16:19de:2b00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is ci2.plymouthrock.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on October 18th 2022. Valid for: a year.
This is the only time ci2.plymouthrock.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 2600:9000:212... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
7 34.96.102.137 396982 (GOOGLE-CL...)
18 4
Apex Domain
Subdomains		 Transfer
7 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 5046
120 KB
6 plymouthrock.com
ci2.plymouthrock.com
37 KB
1 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 613
70 KB
0 dynatrace.com Failed
js-cdn.dynatrace.com Failed
18 4
Domain Requested by
7 dev.visualwebsiteoptimizer.com ci2.plymouthrock.com
dev.visualwebsiteoptimizer.com
6 ci2.plymouthrock.com ci2.plymouthrock.com
1 maps.googleapis.com ci2.plymouthrock.com
maps.googleapis.com
0 js-cdn.dynatrace.com Failed ci2.plymouthrock.com
18 4

This site contains no links.

Subject Issuer Validity Valid
ci2.plymouthrock.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-10-18 -
2023-10-18		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2		 2022-07-04 -
2023-08-05		 a year crt.sh

This page contains 1 frames:

Primary Page: https://ci2.plymouthrock.com/qpay/login
Frame ID: A068B815642B0F99F92957F1C131E1F0
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Welcome to Plymouth Rock eService

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • dev\.visualwebsiteoptimizer\.com/?([\d.]+)

Page Statistics

18
Requests

78 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

228 kB
Transfer

713 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
ci2.plymouthrock.com/qpay/ 		5 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ci2.plymouthrock.com/qpay/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:6400:16:19de:2b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ab02317fd9c95c4d7b5b3ef15f67df76c03b3e157c0d9837c176e623d98a29
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
59203
content-length
4995
content-security-policy
default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
content-type
text/html
date
Thu, 27 Apr 2023 02:16:21 GMT
etag
"2683c249ee88d42838a1c1fab373c1fb"
last-modified
Thu, 13 Apr 2023 15:52:29 GMT
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 7cfba11baf6016eafce83142b99c8ff8.cloudfront.net (CloudFront)
x-amz-cf-id
CaZe_VFG6bEdWlujldO9ZYvhcfMHaXz4wvSfGFiN5SkQe4NspBpy7A==
x-amz-cf-pop
PRG50-C1
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
qKizepOfJ.ZzSfRqW2.9JRD.siI1keqB
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
f326e83cc2bcc65_complete.js
js-cdn.dynatrace.com/jstag/16ab023090d/bf43539rvj/ 		0
0
js
maps.googleapis.com/maps/api/ 		220 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyDQbStquTShyK9WuiDfgJPnCF91cM3L7dI&libraries=places&language=en
Requested by
Host: ci2.plymouthrock.com
URL: https://ci2.plymouthrock.com/qpay/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
1f68361ed4c3b98c10a90468b5f3d487c1c13680657392ca047cfb1bcf349ebd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ci2.plymouthrock.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 18:43:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71506
x-xss-protection
0
styles.859fe8381bbcc1751dad.css
ci2.plymouthrock.com/ 		0
0
runtime-latest.4fabb41065f177319e96.js
ci2.plymouthrock.com/ 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ci2.plymouthrock.com/runtime-latest.4fabb41065f177319e96.js
Requested by
Host: ci2.plymouthrock.com
URL: https://ci2.plymouthrock.com/qpay/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:6400:16:19de:2b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ab02317fd9c95c4d7b5b3ef15f67df76c03b3e157c0d9837c176e623d98a29
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ci2.plymouthrock.com/qpay/login
Origin
https://ci2.plymouthrock.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 02:16:21 GMT
x-amz-version-id
qKizepOfJ.ZzSfRqW2.9JRD.siI1keqB
via
1.1 7cfba11baf6016eafce83142b99c8ff8.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
x-amz-cf-pop
PRG50-C1
age
59203
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-amz-replication-status
COMPLETED
content-length
4995
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 13 Apr 2023 15:52:29 GMT
server
AmazonS3
etag
"2683c249ee88d42838a1c1fab373c1fb"
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
x-amz-cf-id
zqHB-QEx2nQvyILGPjdzgkFwHeST6b2izYODh9FackDmQNS38gtyLA==
polyfills-latest.16180c1864328d071176.js
ci2.plymouthrock.com/ 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ci2.plymouthrock.com/polyfills-latest.16180c1864328d071176.js
Requested by
Host: ci2.plymouthrock.com
URL: https://ci2.plymouthrock.com/qpay/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:6400:16:19de:2b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ab02317fd9c95c4d7b5b3ef15f67df76c03b3e157c0d9837c176e623d98a29
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ci2.plymouthrock.com/qpay/login
Origin
https://ci2.plymouthrock.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 02:16:21 GMT
x-amz-version-id
qKizepOfJ.ZzSfRqW2.9JRD.siI1keqB
via
1.1 7cfba11baf6016eafce83142b99c8ff8.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
x-amz-cf-pop
PRG50-C1
age
59203
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-amz-replication-status
COMPLETED
content-length
4995
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 13 Apr 2023 15:52:29 GMT
server
AmazonS3
etag
"2683c249ee88d42838a1c1fab373c1fb"
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
x-amz-cf-id
E2zbwFHakJNst8IVrVWfybsG4mJbVrsvCz5cUqnRZaQmyuo04CJhYw==
polyfill-webcomp-es5.76605a5d71264e165922.js
ci2.plymouthrock.com/ 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ci2.plymouthrock.com/polyfill-webcomp-es5.76605a5d71264e165922.js
Requested by
Host: ci2.plymouthrock.com
URL: https://ci2.plymouthrock.com/qpay/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:6400:16:19de:2b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ab02317fd9c95c4d7b5b3ef15f67df76c03b3e157c0d9837c176e623d98a29
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ci2.plymouthrock.com/qpay/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 02:16:21 GMT
x-amz-version-id
qKizepOfJ.ZzSfRqW2.9JRD.siI1keqB
via
1.1 7cfba11baf6016eafce83142b99c8ff8.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
x-amz-cf-pop
PRG50-C1
age
59203
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-amz-replication-status
COMPLETED
content-length
4995
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 13 Apr 2023 15:52:29 GMT
server
AmazonS3
etag
"2683c249ee88d42838a1c1fab373c1fb"
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
x-amz-cf-id
lvjljwZuT5spWkMyEa1ovv9-j7tlpJDRA0tw0BsNMF2y7B9PSmzp2A==
polyfill-webcomp.c7bc41cfc96eece79854.js
ci2.plymouthrock.com/ 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ci2.plymouthrock.com/polyfill-webcomp.c7bc41cfc96eece79854.js
Requested by
Host: ci2.plymouthrock.com
URL: https://ci2.plymouthrock.com/qpay/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:6400:16:19de:2b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ab02317fd9c95c4d7b5b3ef15f67df76c03b3e157c0d9837c176e623d98a29
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ci2.plymouthrock.com/qpay/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 02:16:21 GMT
x-amz-version-id
qKizepOfJ.ZzSfRqW2.9JRD.siI1keqB
via
1.1 7cfba11baf6016eafce83142b99c8ff8.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
x-amz-cf-pop
PRG50-C1
age
59203
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-amz-replication-status
COMPLETED
content-length
4995
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 13 Apr 2023 15:52:29 GMT
server
AmazonS3
etag
"2683c249ee88d42838a1c1fab373c1fb"
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
x-amz-cf-id
eblKvRplj6yuNVh9iixeVglYuXCJIPw4TbDUHTGe4HwlfLEJmbxv2Q==
main-latest.6112aaf10a2ec2c408fa.js
ci2.plymouthrock.com/ 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ci2.plymouthrock.com/main-latest.6112aaf10a2ec2c408fa.js
Requested by
Host: ci2.plymouthrock.com
URL: https://ci2.plymouthrock.com/qpay/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:6400:16:19de:2b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5ab02317fd9c95c4d7b5b3ef15f67df76c03b3e157c0d9837c176e623d98a29
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ci2.plymouthrock.com/qpay/login
Origin
https://ci2.plymouthrock.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 02:16:21 GMT
x-amz-version-id
qKizepOfJ.ZzSfRqW2.9JRD.siI1keqB
via
1.1 7cfba11baf6016eafce83142b99c8ff8.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
x-amz-cf-pop
PRG50-C1
age
59203
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-amz-replication-status
COMPLETED
content-length
4995
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 13 Apr 2023 15:52:29 GMT
server
AmazonS3
etag
"2683c249ee88d42838a1c1fab373c1fb"
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
x-amz-cf-id
MTH2eTidIcQMu1IniyZ0Ms-K4S1rBlOmgy5XKBxLzpJiL05zmkSMsw==
j.php
dev.visualwebsiteoptimizer.com/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev.visualwebsiteoptimizer.com/j.php?a=282434&u=https%3A%2F%2Fci2.plymouthrock.com%2Fqpay%2Flogin&f=1&r=0.0323779664237247
Requested by
Host: ci2.plymouthrock.com
URL: https://ci2.plymouthrock.com/qpay/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
38cdb6b7fa2f901ccfe0678d53c1c327ceeed5db33715f6a9cccae4583de5b0a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ci2.plymouthrock.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 18:43:04 GMT
content-encoding
gzip
via
1.1 google
server
gfra1
etag
W/"1682601957"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0, no-cache, must-revalidate
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
styles.859fe8381bbcc1751dad.css
ci2.plymouthrock.com/ 		0
0
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		0
0
va-1109323de58fbf93c34cede3640c090f.js
dev.visualwebsiteoptimizer.com/7.0/ 		230 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev.visualwebsiteoptimizer.com/7.0/va-1109323de58fbf93c34cede3640c090f.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=282434&u=https%3A%2F%2Fci2.plymouthrock.com%2Fqpay%2Flogin&f=1&r=0.0323779664237247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
30bcd71afcdda806a68fbda347e2ad1d68d9cf10766c640b9d8f7189d28f19cb

Request headers

Referer
https://ci2.plymouthrock.com/
Origin
https://ci2.plymouthrock.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 18:43:04 GMT
content-encoding
br
via
1.1 google
last-modified
Thu, 27 Apr 2023 13:25:34 GMT
server
gfra1
etag
"644a77ce-1035a"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66394
track-1109323de58fbf93c34cede3640c090f.js
dev.visualwebsiteoptimizer.com/7.0/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev.visualwebsiteoptimizer.com/7.0/track-1109323de58fbf93c34cede3640c090f.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=282434&u=https%3A%2F%2Fci2.plymouthrock.com%2Fqpay%2Flogin&f=1&r=0.0323779664237247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
8dd59732e53325113275071cc94faa052579fb32e1d04476bde76e206549ceb6

Request headers

Referer
https://ci2.plymouthrock.com/
Origin
https://ci2.plymouthrock.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 18:43:04 GMT
content-encoding
br
via
1.1 google
last-modified
Thu, 27 Apr 2023 13:25:34 GMT
server
gfra1
etag
"644a77ce-f5f"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3935
opa-74021bde9081c83799a0980273db90d9.js
dev.visualwebsiteoptimizer.com/analysis/4.0/ 		111 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-74021bde9081c83799a0980273db90d9.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=282434&u=https%3A%2F%2Fci2.plymouthrock.com%2Fqpay%2Flogin&f=1&r=0.0323779664237247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
b129834ec8f7bbc1c1d8283ef0ef863355bf6417de20f1789b63f8b90e707e1e

Request headers

Referer
https://ci2.plymouthrock.com/
Origin
https://ci2.plymouthrock.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 18:43:04 GMT
content-encoding
br
via
1.1 google
last-modified
Thu, 27 Apr 2023 13:25:25 GMT
server
gfra1
etag
"644a77c5-7168"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29032
v.gif
dev.visualwebsiteoptimizer.com/ 		35 B
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=282434&d=ci2.plymouthrock.com&u=D9251D142B7B7A779A0142731EC0CB976&h=f0def97986f710f9b5214969e507a7b9&t=false&r=0.11318217267599695
Requested by
Host: ci2.plymouthrock.com
URL: https://ci2.plymouthrock.com/qpay/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ci2.plymouthrock.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 18:43:04 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
settings.js
dev.visualwebsiteoptimizer.com/ 		55 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev.visualwebsiteoptimizer.com/settings.js?a=282434&settings_type=1&vn=7.0&exc=27
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/7.0/va-1109323de58fbf93c34cede3640c090f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
d9310c6a76f16dcde71ea262cb763bb1390dbe1e9f53caa26ed3197f3ff01be6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ci2.plymouthrock.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 18:43:04 GMT
content-encoding
gzip
via
1.1 google
server
gfra1
etag
W/"1682601957"
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
worker-70faafffa0475802f5ee03ca5ff74179.js
dev.visualwebsiteoptimizer.com/analysis/ 		47 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-74021bde9081c83799a0980273db90d9.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ci2.plymouthrock.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 18:43:04 GMT
content-encoding
br
via
1.1 google
last-modified
Thu, 27 Apr 2023 13:25:25 GMT
server
gfra1
etag
"644a77c5-351f"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13599

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
js-cdn.dynatrace.com
URL
https://js-cdn.dynatrace.com/jstag/16ab023090d/bf43539rvj/f326e83cc2bcc65_complete.js
Domain
ci2.plymouthrock.com
URL
https://ci2.plymouthrock.com/styles.859fe8381bbcc1751dad.css
Domain
ci2.plymouthrock.com
URL
https://ci2.plymouthrock.com/styles.859fe8381bbcc1751dad.css
Domain
maps.googleapis.com
URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless number| settings_timer number| _vwo_settings_timer object| _vwo_code object| google function| reactiveElementPolyfillSupport object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView function| closebrowserError number| _vwo_acc_id object| vwoCode object| _vwo_style string| _vwo_css function| commonWrapper function| pushBasedCommonWrapper string| _vwo_cookieDomain string| _vwo_uuid string| _vis_opt_file number| _vwo_library_timer string| _vis_opt_lib undefined| vwo_e number| _vwo_j_e string| _vwo_mt string| _vwo_tm object| VWO string| g object| vwo_iehack_queue object| _vwo_exp_ids object| _vwo_exp object| _vwo_pa object| VWOOmni string| _vwo_opa_cb string| _vwo_worker_cb number| _vwo_clicks function| vwo_$ string| _vwo_server_url object| _vis_opt_queue object| _vis_opt_check_segment object| _vwo_evq function| _vwo_ev boolean| DISABLE_NATIVE_CONSTANTS object| _vwo_t object| _vwo_editorOperationTracker function| _vwo_handleMutations object| _vwo_api_section_callback object| _vis_opt_comb_name function| _vwo_s object| _vwo_campaignData function| _vis_opt_top_initialize function| _vis_opt_bottom_initialize function| _vis_opt_goal_conversion function| _vis_opt_revenue_conversion function| _vis_opt_pause function| _vis_opt_readCookie function| _vis_opt_createCookie function| _vis_opt_element_loaded function| _vis_opt_GA_track function| _vis_opt_register_conversion function| _vis_opt_get_campaign_xPath number| _vis_opt_experiment_id boolean| _vwo_settings_timed_out object| __nls number| ___vwo

6 Cookies

Domain/Path Name / Value
.ci2.plymouthrock.com/ Name: _vwo_uuid_v2
Value: D9251D142B7B7A779A0142731EC0CB976|f0def97986f710f9b5214969e507a7b9
.plymouthrock.com/ Name: _vis_opt_s
Value: 1%7C
.plymouthrock.com/ Name: _vis_opt_test_cookie
Value: 1
.plymouthrock.com/ Name: _vwo_uuid
Value: D9251D142B7B7A779A0142731EC0CB976
.plymouthrock.com/ Name: _vwo_sn
Value: 0%3A1
.plymouthrock.com/ Name: _vwo_ds
Value: 3%3At_0%2Ca_0%3A0%241682620984%3A49.81240698%3A%3A%3A27_0%3A0

10 Console Messages

Source Level URL
Text
security error URL: https://ci2.plymouthrock.com/qpay/login
Message:
Refused to apply style from 'https://ci2.plymouthrock.com/styles.859fe8381bbcc1751dad.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
javascript error URL: https://ci2.plymouthrock.com/qpay/login
Message:
Access to script at 'https://js-cdn.dynatrace.com/jstag/16ab023090d/bf43539rvj/f326e83cc2bcc65_complete.js' from origin 'https://ci2.plymouthrock.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://js-cdn.dynatrace.com/jstag/16ab023090d/bf43539rvj/f326e83cc2bcc65_complete.js
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://ci2.plymouthrock.com/runtime-latest.4fabb41065f177319e96.js
Message:
Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html". Strict MIME type checking is enforced for module scripts per HTML spec.
javascript error URL: https://ci2.plymouthrock.com/polyfills-latest.16180c1864328d071176.js
Message:
Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html". Strict MIME type checking is enforced for module scripts per HTML spec.
security error URL: https://ci2.plymouthrock.com/qpay/login
Message:
Refused to execute script from 'https://ci2.plymouthrock.com/polyfill-webcomp-es5.76605a5d71264e165922.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDQbStquTShyK9WuiDfgJPnCF91cM3L7dI&libraries=places&language=en(Line 460)
Message:
Refused to connect to 'https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true' because it violates the following Content Security Policy directive: "connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com".
security error URL: https://ci2.plymouthrock.com/qpay/login
Message:
Refused to apply style from 'https://ci2.plymouthrock.com/styles.859fe8381bbcc1751dad.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://ci2.plymouthrock.com/qpay/login
Message:
Refused to execute script from 'https://ci2.plymouthrock.com/polyfill-webcomp.c7bc41cfc96eece79854.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
javascript error URL: https://ci2.plymouthrock.com/main-latest.6112aaf10a2ec2c408fa.js
Message:
Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html". Strict MIME type checking is enforced for module scripts per HTML spec.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.visualwebsiteoptimizer.com https://heapanalytics.com http://*.plymouthrock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-cdn.dynatrace.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://tags.tiqcdn.com http://tags.tiqcdn.com http://www.google-analytics.com http://www.googleadservices.com http://cdn.heapanalytics.com https://heapanalytics.com https://fullstory.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://rs.fullstory.com https://stats.g.doubleclick.net https://*.plymouthrock.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block