urlscan.io logo urlscan.io
SecurityTrails logo

www.costain.com Open in urlscan Pro
2606:4700:3108::ac42:2b5b  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.costain.com/
Effective URL: https://www.costain.com/
Submission: On November 05 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 3 countries across 7 domains to perform 33 HTTP transactions. The main IP is 2606:4700:3108::ac42:2b5b, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.costain.com.
TLS certificate: Issued by E6 on October 27th 2024. Valid for: 3 months.
This is the only time www.costain.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
25 2606:4700:310... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 172.67.8.54 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2001:1b40:e20... 20860 (IOMART-AS)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
33 9
25    2606:4700:3108::ac42:2b5b (United States)

ASN13335 (CLOUDFLARENET, US)
www.costain.com
1    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
1    2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    172.67.8.54 (United States)

ASN13335 (CLOUDFLARENET, US)
cc.cdn.civiccomputing.com
1    2606:4700:10::6816:1cc (United States)

ASN13335 (CLOUDFLARENET, US)
acsbapp.com
1    2001:1b40:e200::1b:243 (United Kingdom)

ASN20860 (IOMART-AS, GB)
apikeys.civiccomputing.com
1    2606:4700:10::ac43:b9b (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.acsbapp.com
Apex Domain
Subdomains		 Transfer
25 costain.com
www.costain.com
2 MB
2 acsbapp.com
acsbapp.com — Cisco Umbrella Rank: 3740
cdn.acsbapp.com — Cisco Umbrella Rank: 3977
117 KB
2 civiccomputing.com
cc.cdn.civiccomputing.com — Cisco Umbrella Rank: 20336
apikeys.civiccomputing.com — Cisco Umbrella Rank: 20789
93 KB
1 gstatic.com
fonts.gstatic.com
32 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
81 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 683
7 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
945 B
33 7
Domain Requested by
25 www.costain.com www.costain.com
static.cloudflareinsights.com
1 cdn.acsbapp.com acsbapp.com
1 apikeys.civiccomputing.com cc.cdn.civiccomputing.com
1 acsbapp.com www.costain.com
1 cc.cdn.civiccomputing.com www.googletagmanager.com
1 fonts.gstatic.com fonts.googleapis.com
1 www.googletagmanager.com www.costain.com
1 static.cloudflareinsights.com www.costain.com
1 fonts.googleapis.com www.costain.com
33 9

This site contains links to these domains. Also see Links.

Domain
accessibe.com
www.facebook.com
www.linkedin.com
twitter.com
21club.costain.com
Subject Issuer Validity Valid
costain.com
E6		 2024-10-27 -
2025-01-25		 3 months crt.sh
upload.video.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
cloudflareinsights.com
WE1		 2024-11-01 -
2025-01-30		 3 months crt.sh
*.google-analytics.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.gstatic.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
cc.cdn.civiccomputing.com
WE1		 2024-09-27 -
2024-12-26		 3 months crt.sh
acsbapp.com
WE1		 2024-10-16 -
2025-01-14		 3 months crt.sh
apikeys.civiccomputing.com
R11		 2024-10-11 -
2025-01-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.costain.com/
Frame ID: B43362DC80E711DEEC89B92F06C47928
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Home | Costain

Page URL History Show full URLs

  1. http://www.costain.com/ HTTP 307
    https://www.costain.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cc\.cdn\.civiccomputing\.com
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Page Statistics

33
Requests

100 %
HTTPS

89 %
IPv6

7
Domains

9
Subdomains

9
IPs

3
Countries

2545 kB
Transfer

3961 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.costain.com/ HTTP 307
    https://www.costain.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.costain.com/
Redirect Chain
  • http://www.costain.com/
  • https://www.costain.com/
102 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b52022e47f8705c80341e4402d04a1b39f569b11a7f74511d76fd6473b0afabf
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-Uj94LpDr3QvdgVGXsnomO7b4G1h2hZVB+KHZdgnQKOc=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8ddf7e493d4bdc92-FRA
content-encoding
br
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-Uj94LpDr3QvdgVGXsnomO7b4G1h2hZVB+KHZdgnQKOc=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
content-type
text/html; charset=utf-8
date
Tue, 05 Nov 2024 20:11:30 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
referrer-policy
no-referrer
server
cloudflare
server-timing
cfCacheStatus;desc="DYNAMIC"
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-ua-compatible
ie=edge

Redirect headers

Location
https://www.costain.com/
Non-Authoritative-Reason
HttpsUpgrades
css2
fonts.googleapis.com/ 		1 KB
945 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Onest:wght@100..900&display=swap
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1416cb969c04a57d22f1d2dd6c1c303c7045077083259356dc3e14676bc0b289
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 05 Nov 2024 20:11:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Tue, 05 Nov 2024 18:35:14 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
style.min.css
www.costain.com/css/ 		408 KB
88 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.costain.com/css/style.min.css?v=TevWPTyCfk-PXbXgAUOnheRA76g9YX7YJzbzYyA1n-I
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4debd63d3c827e4f8f5db5e00143a785e440efa83d617ed82736f36320359fe2
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-xFXPXDqSySd3meVbOK6uso9+kVnjDkm4d2Fi0AFj+ug=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
cf-cache-status
BYPASS
etag
"1db1a459a3e7305"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
text/css
last-modified
Wed, 09 Oct 2024 12:20:18 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-xFXPXDqSySd3meVbOK6uso9+kVnjDkm4d2Fi0AFj+ug=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer
cf-ray
8ddf7e4a180bdc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
server
cloudflare
global.js
www.costain.com/js/ 		578 KB
232 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.costain.com/js/global.js?v=yOV75LtpOCX2WmxfKbtO8-v3FHWGDwFbVnjG6otExcY
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8e57be4bb693825f65a6c5f29bb4ef3ebf71475860f015b5678c6ea8b44c5c6
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-NegwTc4uJnPmQF+q6S6tVc7JUhueNYlo3ibaITaUBVk=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
cf-cache-status
BYPASS
etag
"1db1a45a9be7fdd"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
text/javascript
last-modified
Wed, 09 Oct 2024 12:20:44 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-NegwTc4uJnPmQF+q6S6tVc7JUhueNYlo3ibaITaUBVk=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer
cf-ray
8ddf7e4aea33dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
server
cloudflare
costain-logo-1.svg
www.costain.com/media/lcmbnxiy/ 		4 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/lcmbnxiy/costain-logo-1.svg
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1f941ddc1486d5fef4eaf96ebc2dd27b66857ae0dba319a4d9990e718dca3eb
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-my6DE78tO323vexjj9a10l9EOQHPE3BuN2viPhaXenk=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
cf-cache-status
BYPASS
etag
W/"1dafe0acf2fcf1d"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Sep 2024 14:08:54 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-my6DE78tO323vexjj9a10l9EOQHPE3BuN2viPhaXenk=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer
cf-ray
8ddf7e4a180cdc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
server
cloudflare
shape-hero-top.svg
www.costain.com/assets/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/assets/images/shape-hero-top.svg
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d551557c6482cf5511cf83d40973e02730909c4769adb6c0ae0bbb0ae786933
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-8sTgH4g4pzOUVqrvQq2M2Ml1RD1nRp84u9aatF6xBLk=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
cf-cache-status
BYPASS
etag
W/"1db1a44e3d44063"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/svg+xml
last-modified
Wed, 09 Oct 2024 12:15:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-8sTgH4g4pzOUVqrvQq2M2Ml1RD1nRp84u9aatF6xBLk=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer
cf-ray
8ddf7e4a1810dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
server
cloudflare
shape-hero-top-tablet.svg
www.costain.com/assets/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/assets/images/shape-hero-top-tablet.svg
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f082887ca554fc4519f745764673dd0f3180f3699aad74b91722a79988aa493
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-TNA62OhM3J7KAzkQT3R1gW9arcXRbug3Lu1AE9ZdNxQ=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
cf-cache-status
BYPASS
etag
W/"1db1a44e3d44f77"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/svg+xml
last-modified
Wed, 09 Oct 2024 12:15:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-TNA62OhM3J7KAzkQT3R1gW9arcXRbug3Lu1AE9ZdNxQ=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer
cf-ray
8ddf7e4ab99ddc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
server
cloudflare
shape-hero-top-mobile.svg
www.costain.com/assets/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/assets/images/shape-hero-top-mobile.svg
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95c86bc98b841763e234599ea1b7f32108a1663fafc5d1d3eb10531cd24a62fa
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-1q81vHhnG6BKfbvHd3PiYkyt7RvxiY3I3C8Sv+zIbVc=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
cf-cache-status
BYPASS
etag
W/"1db1a44e3d44dcd"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/svg+xml
last-modified
Wed, 09 Oct 2024 12:15:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-1q81vHhnG6BKfbvHd3PiYkyt7RvxiY3I3C8Sv+zIbVc=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer
cf-ray
8ddf7e4ab9aedc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
server
cloudflare
image-1.webp
www.costain.com/media/tzynynpp/ 		31 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/tzynynpp/image-1.webp?width=1540&height=794&v=1db004fa5a60960
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
351b36c2706dd277097709f7318ef2090f6d25353e50818e68f19b0f4020c299
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-uSIdt334Yk8jIi7HGeEd9wPCPuuhoj7n64nf7hCbt7E=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1db0051743b8430"
age
211
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Fri, 06 Sep 2024 11:39:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-uSIdt334Yk8jIi7HGeEd9wPCPuuhoj7n64nf7hCbt7E=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea30dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
32048
server
cloudflare
kielder-reservoir-credit-northumbrian-water-small.jpg
www.costain.com/media/raphextz/ 		108 KB
109 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/raphextz/kielder-reservoir-credit-northumbrian-water-small.jpg?width=1540&height=794&v=1db26e937abc100
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13f8e9127c7e4a5c36fb1a4fd2ea72ca450688d1bbd12107e81f278f27a286da
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-7s46CST/XAwdq5Xmwh4ow2eYIcHK/ehO7IzE4SB3wHA=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1db24552809bbc4"
age
365621
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Tue, 22 Oct 2024 07:36:50 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-7s46CST/XAwdq5Xmwh4ow2eYIcHK/ehO7IzE4SB3wHA=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea34dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
110276
server
cloudflare
thames-tideway-will-deliver-net-positive-environmental-benefits-credit-tideway.jpg
www.costain.com/media/fredjmgu/ 		55 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/fredjmgu/thames-tideway-will-deliver-net-positive-environmental-benefits-credit-tideway.jpg?rxy=0.42347816734781674,0.4909511018448041&width=1540&height=794&v=1db26e9284975e0
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
660f7b1399a2b361fdec5b8cc1aa09f88b4bf9cb387ce69b17d484f871166bcd
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-yskcAfln4PUyuglckrpgnPHZ2uEOAUYuxqZY475dOFo=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1db1fe55add5fe6"
age
365621
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Wed, 16 Oct 2024 16:06:27 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-yskcAfln4PUyuglckrpgnPHZ2uEOAUYuxqZY475dOFo=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea37dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
56422
server
cloudflare
carbon-tool-website-homepage-slider-1540-x-794-px.png
www.costain.com/media/ppydncmy/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/ppydncmy/carbon-tool-website-homepage-slider-1540-x-794-px.png?rxy=0.4951856946354883,0.5336002757646224&width=1540&height=794&v=1db1fb277bbd5c0
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f269c8826d8f4ff9203c29193be617124a0fa4fd413c75c9d630fdabe13bdeec
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-qnK6nDbiaG3h/oIvlMd1sovC2kT6isSQTdR7hberrK4=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1db1e190f640242"
age
52421
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Mon, 14 Oct 2024 09:11:32 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-qnK6nDbiaG3h/oIvlMd1sovC2kT6isSQTdR7hberrK4=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea3cdc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
1210434
server
cloudflare
drone_2.webp
www.costain.com/media/1t5b1q3y/ 		122 KB
123 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/1t5b1q3y/drone_2.webp?width=1540&height=794&v=1db004fa4bc1e90
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
810dbfa607f7af60ea73e2336ac65b3ea62465354f4b1f5105f051fb133f2f1f
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-2vSfFrptI2x79RTtiqkfKmgWADYDcyNBfG3W8FeGxbs=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1db0051743a1faa"
age
3821
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Fri, 06 Sep 2024 11:39:38 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-2vSfFrptI2x79RTtiqkfKmgWADYDcyNBfG3W8FeGxbs=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea3edc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
124586
server
cloudflare
image-text-shape-01.jpg
www.costain.com/media/rcldwex5/ 		75 KB
76 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/rcldwex5/image-text-shape-01.jpg?width=972&height=502&v=1db09af217d05d0
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8716aa454a26baf20c924c87473bd24869d474caeb89c37584a839e36377a88
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-ZEO2c7R6tqfTtJQjG4nijDj4/tIWjKf3o8Uq4nqkUhE=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1dafe0ae4a42418"
age
480822
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Tue, 03 Sep 2024 14:09:30 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-ZEO2c7R6tqfTtJQjG4nijDj4/tIWjKf3o8Uq4nqkUhE=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea3fdc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
77080
server
cloudflare
1952x1000-2.jpg
www.costain.com/media/qpvhbjyg/ 		77 KB
79 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/qpvhbjyg/1952x1000-2.jpg?width=972&height=502&v=1db1fb277ab0ce0
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
244f3654365d698274992bd48c307c6330a90fe64a2ffc466d2e95da980d880f
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-3uSac2JzhNa6Sfu+LTv4cUdYYCIbQcenC1uBWmtEte8=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1dafe0ae4a43c60"
age
551005
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Tue, 03 Sep 2024 14:09:30 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-3uSac2JzhNa6Sfu+LTv4cUdYYCIbQcenC1uBWmtEte8=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea40dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
79200
server
cloudflare
image-text-shape-03.jpg
www.costain.com/media/3dalupiq/ 		96 KB
98 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/3dalupiq/image-text-shape-03.jpg?width=972&height=502&v=1db09afb2d01630
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f61f058746e024d2f7850ffbd6f81f6972a6e579bf741867f818ebedcbadda9
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-E2b6DiTcudfnB6cEK6DA8nxXzrBONCb04w2qgu4w2zA=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1dafe0ace96c826"
age
3821
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Tue, 03 Sep 2024 14:08:53 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-E2b6DiTcudfnB6cEK6DA8nxXzrBONCb04w2qgu4w2zA=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea43dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
98470
server
cloudflare
image-text-shape-04.jpg
www.costain.com/media/4prjbrjx/ 		39 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/4prjbrjx/image-text-shape-04.jpg?width=972&height=502&v=1db0830e6257af0
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e44f9a4143e0e7e1ee46c61e61c4f2f2ddedbedce4b2f4c1188c77de8d0ad67
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-4DGfF6DrowZoIUdC+POnUKTnjANPWFrEj79ez8ettL4=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1dafe0ae2dbd9e6"
age
88422
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Tue, 03 Sep 2024 14:09:27 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-4DGfF6DrowZoIUdC+POnUKTnjANPWFrEj79ez8ettL4=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea46dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
40038
server
cloudflare
insights-banner.jpg
www.costain.com/media/hcddjep0/ 		45 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/hcddjep0/insights-banner.jpg?width=675&height=260&v=1db1fb2919bace0
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2b2ee91b4226ff047a8778749dbf5d0a191844d2c080a83791eaa2a0f65844d
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-kdy5ZHT0p+tQpDyQW1+o/gI97Qksb388pVmqxr1+Lyo=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1dafe0aca6b9e74"
age
551005
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Tue, 03 Sep 2024 14:08:46 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-kdy5ZHT0p+tQpDyQW1+o/gI97Qksb388pVmqxr1+Lyo=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea58dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
46452
server
cloudflare
1952x1000-1.jpg
www.costain.com/media/guhgosac/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/media/guhgosac/1952x1000-1.jpg?rxy=0.24261545017533534,0.4070015784656286&width=1540&height=340&v=1db1fb277ae1a20
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
321a6535a6ccce95061243f46eb904760e4d9ee5d71990aa35b387a89292894f
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-CgAnM5Ssq77Mdf3sHCflVIJ/s2qtut7bmh5dAAU7jVw=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1dafe0ae5d675e8"
age
553285
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Tue, 03 Sep 2024 14:09:32 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-CgAnM5Ssq77Mdf3sHCflVIJ/s2qtut7bmh5dAAU7jVw=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, immutable
referrer-policy
no-referrer
cf-ray
8ddf7e4aea5adc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
17384
server
cloudflare
email-decode.min.js
www.costain.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
817 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.costain.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"672112ce-4d7"
x-content-type-options
nosniff
cf-ray
8ddf7e4aea5bdc92-FRA
expires
Thu, 07 Nov 2024 20:11:30 GMT
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
application/javascript
last-modified
Tue, 29 Oct 2024 16:52:30 GMT
vary
Accept-Encoding
server
cloudflare
x-frame-options
DENY
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.costain.com
Referer

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
8ddf7e4b0884d2f6-FRA
access-control-allow-origin
*
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
gtm.js
www.googletagmanager.com/ 		233 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TJLS9TJV
Requested by
Host: www.costain.com
URL: https://www.costain.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5647dffddc4e2edbbcb82508af4849b4f94a063977455ad68b2f428fd56cb12d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Tue, 05 Nov 2024 20:11:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 05 Nov 2024 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
82402
x-xss-protection
0
server
Google Tag Manager
line-dashed-blue.png
www.costain.com/assets/images/ 		114 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/assets/images/line-dashed-blue.png
Requested by
Host: www.costain.com
URL: https://www.costain.com/css/style.min.css?v=TevWPTyCfk-PXbXgAUOnheRA76g9YX7YJzbzYyA1n-I
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee38917110fa0878dbd087585f673349b0c632d7d91b57b7bf6dedc0d035f29e
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-4tB9cpwl7sUaT489SeSHNhskz8OUt+Z8Hq0vT8rTprs=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1db1e322d040df2"
age
596021
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Mon, 14 Oct 2024 12:11:19 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-4tB9cpwl7sUaT489SeSHNhskz8OUt+Z8Hq0vT8rTprs=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, must-revalidate
referrer-policy
no-referrer
cf-ray
8ddf7e4aea5ddc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
114
server
cloudflare
line-dashed-green.png
www.costain.com/assets/images/ 		114 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/assets/images/line-dashed-green.png
Requested by
Host: www.costain.com
URL: https://www.costain.com/css/style.min.css?v=TevWPTyCfk-PXbXgAUOnheRA76g9YX7YJzbzYyA1n-I
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a04eda8f2c07a085e70dc34b34fc8115ca5b135dd254d9f51476ad26d8d51747
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-HKhe0MQcfgGOr6DmJ4SqaPDraLM9kJ6D/NGmQT4Tlfo=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"1db1a4f8396d3f2"
age
596021
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/webp
last-modified
Wed, 09 Oct 2024 13:31:15 GMT
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-HKhe0MQcfgGOr6DmJ4SqaPDraLM9kJ6D/NGmQT4Tlfo=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
public, max-age=604800, must-revalidate
referrer-policy
no-referrer
cf-ray
8ddf7e4afa6fdc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
114
server
cloudflare
shape-hero-bottom.svg
www.costain.com/assets/images/ 		935 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costain.com/assets/images/shape-hero-bottom.svg
Requested by
Host: www.costain.com
URL: https://www.costain.com/css/style.min.css?v=TevWPTyCfk-PXbXgAUOnheRA76g9YX7YJzbzYyA1n-I
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb3230bcd44c5da7f2cedf66544511a6e1cd9dec2d31ee5651af32142710ed2d
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-Nzc3IcsyHpy+gO38vEQTP8Frltte/8s4iafyHWrPUNw=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
cf-cache-status
BYPASS
etag
W/"1db1a44e3d44ba7"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
image/svg+xml
last-modified
Wed, 09 Oct 2024 12:15:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-Nzc3IcsyHpy+gO38vEQTP8Frltte/8s4iafyHWrPUNw=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer
cf-ray
8ddf7e4afa73dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
server
cloudflare
gNMKW3F-SZuj7xmf-HY.woff2
fonts.gstatic.com/s/onest/v6/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/onest/v6/gNMKW3F-SZuj7xmf-HY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Onest:wght@100..900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b7650d2e1b163ebdce8e7c79762bb054c49693702a6582f5cdc365a027fa591
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.costain.com
Referer
https://fonts.googleapis.com/

Response headers

age
534905
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 30 Oct 2025 15:36:25 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 30 Oct 2024 15:36:25 GMT
last-modified
Mon, 27 Nov 2023 19:26:44 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
32216
x-xss-protection
0
server
sffe
svgicons.woff2
www.costain.com/assets/fonts/ 		3 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.costain.com/assets/fonts/svgicons.woff2?t=1728476404959
Requested by
Host: www.costain.com
URL: https://www.costain.com/css/style.min.css?v=TevWPTyCfk-PXbXgAUOnheRA76g9YX7YJzbzYyA1n-I
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be341255b43212ca8dbf88673ba31a89073dfce697ba80e3821588a1d111e147
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-FM4788yftNVf1v76zL91lQtVF87IROdIgX8Yvn1IxMA=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.costain.com
Referer

Response headers

cf-cache-status
BYPASS
etag
"1db1a4593111488"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
font/woff2
last-modified
Wed, 09 Oct 2024 12:20:06 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-FM4788yftNVf1v76zL91lQtVF87IROdIgX8Yvn1IxMA=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer
cf-ray
8ddf7e4b5be9dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
accept-ranges
bytes
content-length
2952
server
cloudflare
cookieControl-9.x.min.js
cc.cdn.civiccomputing.com/9/ 		328 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJLS9TJV
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.8.54 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a27761ece752747fc51cb8bb7664a45b4bb8b6bb83df735b9d5cf13e02dc0d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"51ee3-60ae6406753f6-gzip"
age
260
x-content-type-options
nosniff
access-control-allow-methods
GET
expires
Tue, 12 Nov 2024 20:07:10 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
application/javascript
vary
X-Forwarded-Protocol,Accept-Encoding
last-modified
Fri, 24 Nov 2023 13:51:39 GMT
access-control-allow-headers
origin, x-requested-with, content-type
x-frame-options
SAMEORIGIN
cache-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
cf-ray
8ddf7e4c3d411bcf-FRA
access-control-allow-origin
*
x-xss-protection
1
server
cloudflare
app.js
acsbapp.com/apps/app/dist/js/ 		382 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://acsbapp.com/apps/app/dist/js/app.js
Requested by
Host: www.costain.com
URL: https://www.costain.com/js/global.js?v=yOV75LtpOCX2WmxfKbtO8-v3FHWGDwFbVnjG6otExcY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d15f7c19eab921bdd46cf2f29ed0063cd830bca3997c7ee5a241429fe72f6b0d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

x-goog-metageneration
3
access-control-expose-headers
*
x-goog-hash
crc32c=f3O64Q==, md5=tecEUw0lsvtId0GjtDGnbA==
cf-cache-status
HIT
etag
W/"b5e704530d25b2fb487741a3b431a76c"
content-encoding
br
x-goog-stored-content-encoding
identity
expires
Wed, 05 Nov 2025 20:11:30 GMT
x-goog-stored-content-length
390823
date
Tue, 05 Nov 2024 20:11:30 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 30 Oct 2024 11:01:27 GMT
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY2NaXFa8E7OAZLeLJQdsHFfp6Ck0gOLsCzEvuKuvofndIC76SmHSyxQHUx2Mn-sSuVJYrGzyJIWjQ
cache-control
public, max-age=300, must-revalidate
x-goog-storage-class
STANDARD
cf-ray
8ddf7e4d38c1dbce-FRA
access-control-allow-origin
*
x-goog-generation
1730286087200924
server
cloudflare
v
apikeys.civiccomputing.com/c/ 		484 B
868 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apikeys.civiccomputing.com/c/v?d=www.costain.com&p=CookieControl%20Multi-Site&v=9&k=fa2ccff0bfa8a43281efcaa76e77d077a745640d&format=json
Requested by
Host: cc.cdn.civiccomputing.com
URL: https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:1b40:e200::1b:243 , United Kingdom, ASN20860 (IOMART-AS, GB),
Reverse DNS
Software
Apache /
Resource Hash
035faa92efc6c0e32f0542b3349e0fbd5cbf07109ed2dcf86ed535a0e3e8e388
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer

Response headers

cache-control
max-age=7200, private
referrer-policy
strict-origin-when-cross-origin
access-control-allow-methods
GET
expires
Tue, 05 Nov 2024 22:11:12 GMT
access-control-allow-origin
*
x-apikeys
hit
date
Tue, 05 Nov 2024 20:11:30 GMT
x-xss-protection
1
content-type
application/json
vary
X-Forwarded-Protocol
server
Apache
x-content-type-options
nosniff
access-control-allow-headers
origin, x-requested-with, content-type
config.json
cdn.acsbapp.com/config/costain.com/ 		163 B
701 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.acsbapp.com/config/costain.com/config.json?page=%2F
Requested by
Host: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:b9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2586c576f78156a9fdc6f5d570add3de9c48c1c5f5d66735599ea02e8bd2c5b6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

x-goog-metageneration
1
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=h/LYZA==, md5=AF/6A2OFIBZ39TBpgZOOWA==
cf-cache-status
REVALIDATED
etag
W/"005ffa036385201677f5306981938e58"
content-encoding
br
x-goog-stored-content-encoding
identity
expires
Wed, 05 Nov 2025 20:11:31 GMT
x-goog-stored-content-length
163
date
Tue, 05 Nov 2024 20:11:31 GMT
content-type
application/json
last-modified
Thu, 25 Jul 2024 15:22:52 GMT
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY2JSkAP811yBDr9y2GkaguP7VX-oKp0-0KqAE6yxNi7qYAOXVnzN1cnGOOgWZS7HIhBLQ
cache-control
public, max-age=300, must-revalidate
x-goog-storage-class
STANDARD
cf-ray
8ddf7e4fbdd7dcc0-FRA
access-control-allow-origin
*
x-goog-generation
1721920972111686
server
cloudflare
rum
www.costain.com/cdn-cgi/ 		0
171 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.costain.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type
application/json
Referer

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
x-content-type-options
nosniff
cf-ray
8ddf7e4fba22dc92-FRA
access-control-allow-origin
https://www.costain.com
date
Tue, 05 Nov 2024 20:11:31 GMT
vary
Origin
server
cloudflare
x-frame-options
DENY
favicon.ico
www.costain.com/ 		15 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.costain.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cdfeb681146108e17b0dc8f0a5cff812c45bccd6c022d1ade35e0ad7d575924
Security Headers
Name Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-2oGWhDY/iw91tNcFer4AfafeQmgwuUfsZlKEKodV0MA=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
cf-cache-status
BYPASS
etag
W/"1db1a44e3d4742e"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-ua-compatible
ie=edge
date
Tue, 05 Nov 2024 20:11:31 GMT
content-type
image/x-icon
last-modified
Wed, 09 Oct 2024 12:15:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-2oGWhDY/iw91tNcFer4AfafeQmgwuUfsZlKEKodV0MA=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer
cf-ray
8ddf7e4fba34dc92-FRA
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), fullscreen=()
server
cloudflare

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| dataLayer object| google_tag_manager object| google_tag_data function| iFrameResize function| iframeChildListener object| __cfBeacon function| setImmediate function| clearImmediate object| regeneratorRuntime object| CookieControl function| pure_Promise object| pure_JSON object| pure_CSS function| pure_URL function| pure_fetch function| pure_Set function| pure_Map object| webpackChunkwidget object| AJS object| acsbJS object| AccessiBe object| acsb object| accessWidget function| new_user function| pesrona_match function| persona_identifier function| set_persona function| set_reset_persona function| page_topic function| pure_addEventListener function| pure_removeEventListener

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' maps.googleapis.com vimeo.com player.vimeo.com;script-src 'self' 'nonce-Uj94LpDr3QvdgVGXsnomO7b4G1h2hZVB+KHZdgnQKOc=' 'strict-dynamic' cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com ajax.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: maps.gstatic.com i.vimeocdn.com maps.googleapis.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com;frame-src 'self' marketplace.umbraco.com www.youtube.com irs.tools.investis.com otp.tools.investis.com www.google.com player.vimeo.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.civiccomputing.com maps.googleapis.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com apikeys.civiccomputing.com cdn.plyr.io cdn.acsbapp.com acsbapp.com accesswidget-log-receiver.acsbapp.com backend.acsbapp.com;form-action 'self';upgrade-insecure-requests ;block-all-mixed-content ;frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acsbapp.com
apikeys.civiccomputing.com
cc.cdn.civiccomputing.com
cdn.acsbapp.com
fonts.googleapis.com
fonts.gstatic.com
static.cloudflareinsights.com
www.costain.com
www.googletagmanager.com
172.67.8.54
2001:1b40:e200::1b:243
2606:4700:10::6816:1cc
2606:4700:10::ac43:b9b
2606:4700:3108::ac42:2b5b
2606:4700::6810:5049
2a00:1450:4001:827::200a
2a00:1450:4001:82b::2008
2a00:1450:4001:830::2003
035faa92efc6c0e32f0542b3349e0fbd5cbf07109ed2dcf86ed535a0e3e8e388
0cdfeb681146108e17b0dc8f0a5cff812c45bccd6c022d1ade35e0ad7d575924
13f8e9127c7e4a5c36fb1a4fd2ea72ca450688d1bbd12107e81f278f27a286da
1416cb969c04a57d22f1d2dd6c1c303c7045077083259356dc3e14676bc0b289
1f61f058746e024d2f7850ffbd6f81f6972a6e579bf741867f818ebedcbadda9
244f3654365d698274992bd48c307c6330a90fe64a2ffc466d2e95da980d880f
2586c576f78156a9fdc6f5d570add3de9c48c1c5f5d66735599ea02e8bd2c5b6
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2d551557c6482cf5511cf83d40973e02730909c4769adb6c0ae0bbb0ae786933
321a6535a6ccce95061243f46eb904760e4d9ee5d71990aa35b387a89292894f
351b36c2706dd277097709f7318ef2090f6d25353e50818e68f19b0f4020c299
3f082887ca554fc4519f745764673dd0f3180f3699aad74b91722a79988aa493
4debd63d3c827e4f8f5db5e00143a785e440efa83d617ed82736f36320359fe2
5647dffddc4e2edbbcb82508af4849b4f94a063977455ad68b2f428fd56cb12d
5a27761ece752747fc51cb8bb7664a45b4bb8b6bb83df735b9d5cf13e02dc0d1
660f7b1399a2b361fdec5b8cc1aa09f88b4bf9cb387ce69b17d484f871166bcd
7e44f9a4143e0e7e1ee46c61e61c4f2f2ddedbedce4b2f4c1188c77de8d0ad67
810dbfa607f7af60ea73e2336ac65b3ea62465354f4b1f5105f051fb133f2f1f
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
95c86bc98b841763e234599ea1b7f32108a1663fafc5d1d3eb10531cd24a62fa
9b7650d2e1b163ebdce8e7c79762bb054c49693702a6582f5cdc365a027fa591
a04eda8f2c07a085e70dc34b34fc8115ca5b135dd254d9f51476ad26d8d51747
a8716aa454a26baf20c924c87473bd24869d474caeb89c37584a839e36377a88
b1f941ddc1486d5fef4eaf96ebc2dd27b66857ae0dba319a4d9990e718dca3eb
b52022e47f8705c80341e4402d04a1b39f569b11a7f74511d76fd6473b0afabf
be341255b43212ca8dbf88673ba31a89073dfce697ba80e3821588a1d111e147
c8e57be4bb693825f65a6c5f29bb4ef3ebf71475860f015b5678c6ea8b44c5c6
cb3230bcd44c5da7f2cedf66544511a6e1cd9dec2d31ee5651af32142710ed2d
d15f7c19eab921bdd46cf2f29ed0063cd830bca3997c7ee5a241429fe72f6b0d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee38917110fa0878dbd087585f673349b0c632d7d91b57b7bf6dedc0d035f29e
f269c8826d8f4ff9203c29193be617124a0fa4fd413c75c9d630fdabe13bdeec
f2b2ee91b4226ff047a8778749dbf5d0a191844d2c080a83791eaa2a0f65844d