Submitted URL: http://avivastaffpension.com/
Effective URL: https://experience200.ehr.com/avivastaffpension
Submission: On June 08 via manual from GB — Scanned from GB

Summary

This website contacted 9 IPs in 3 countries across 9 domains to perform 71 HTTP transactions. The main IP is 20.50.15.174, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is experience200.ehr.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on June 23rd 2022. Valid for: a year.
This is the only time experience200.ehr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.74.99.103 397213 (SECURITYS...)
1 1 13.248.221.1 16509 (AMAZON-02)
1 1 76.223.81.247 16509 (AMAZON-02)
1 1 158.82.145.58 40196 (WILLISNOR...)
3 46 20.50.15.174 8075 (MICROSOFT...)
1 2 51.138.55.218 8075 (MICROSOFT...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
12 2606:4700::68... 13335 (CLOUDFLAR...)
5 2a04:4e42::485 54113 (FASTLY)
4 2606:2800:133... 15133 (EDGECAST)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
71 9
Apex Domain
Subdomains
Transfer
49 ehr.com
avivastaffpension.ehr.com
experience200.ehr.com
embarkliteauth200.ehr.com
4 MB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 412
155 KB
5 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 377
74 KB
4 azureedge.net
e20embarkprdstgsitecdn.azureedge.net
3 MB
4 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 993
103 KB
2 avivastaffpensions.co.uk
www.avivastaffpensions.co.uk
305 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 57
21 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 671
295 B
1 avivastaffpension.com
avivastaffpension.com
230 B
71 9
Domain Requested by
46 experience200.ehr.com 3 redirects experience200.ehr.com
12 cdn.cookielaw.org experience200.ehr.com
cdn.cookielaw.org
5 cdn.jsdelivr.net experience200.ehr.com
4 e20embarkprdstgsitecdn.azureedge.net experience200.ehr.com
4 maxcdn.bootstrapcdn.com embarkliteauth200.ehr.com
maxcdn.bootstrapcdn.com
2 embarkliteauth200.ehr.com 1 redirects
2 www.avivastaffpensions.co.uk 2 redirects
1 www.google-analytics.com experience200.ehr.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 avivastaffpension.ehr.com 1 redirects
1 avivastaffpension.com 1 redirects
71 11

This site contains links to these domains. Also see Links.

Domain
www.onetrust.com
Subject Issuer Validity Valid
experience200.ehr.com
GlobalSign RSA OV SSL CA 2018
2022-06-23 -
2023-07-11
a year crt.sh
embarkliteauth200.ehr.com
GlobalSign RSA OV SSL CA 2018
2022-08-17 -
2023-09-18
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-12-30 -
2023-12-30
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2023-04-01 -
2024-03-31
a year crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q4
2022-12-23 -
2024-01-24
a year crt.sh
*.vo.msecnd.net
DigiCert SHA2 Secure Server CA
2023-05-05 -
2024-04-28
a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2022-12-13 -
2023-12-13
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-05-19 -
2023-08-11
3 months crt.sh

This page contains 1 frames:

Primary Page: https://experience200.ehr.com/avivastaffpension
Frame ID: AB0F52CEF86419CE35DD1C09D39C2E1D
Requests: 72 HTTP requests in this frame

Screenshot

Page Title

Home Back ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. http://avivastaffpension.com/ HTTP 301
    http://www.avivastaffpensions.co.uk/ HTTP 302
    https://www.avivastaffpensions.co.uk/ HTTP 301
    https://avivastaffpension.ehr.com/ HTTP 302
    https://experience200.ehr.com/avivastaffpension HTTP 302
    https://experience200.ehr.com/avivastaffpension/Sign-In?returnurl=%2favivastaffpension HTTP 302
    https://experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/sendauthnrequest/?target=Se... Page URL
  2. https://embarkliteauth200.ehr.com/default.ashx?classname=GUESTAUTHENTICATE&target=SelfService-AVIVAPortal24&GU... HTTP 302
    https://embarkliteauth200.ehr.com/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE= Page URL
  3. https://experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/receive?target=SelfService-... HTTP 302
    https://experience200.ehr.com/avivastaffpension Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /js/dnncore\.js
  • /js/dnn\.js

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?slick-theme\.css

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

71
Requests

100 %
HTTPS

50 %
IPv6

9
Domains

11
Subdomains

9
IPs

3
Countries

7599 kB
Transfer

9638 kB
Size

23
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://avivastaffpension.com/ HTTP 301
    http://www.avivastaffpensions.co.uk/ HTTP 302
    https://www.avivastaffpensions.co.uk/ HTTP 301
    https://avivastaffpension.ehr.com/ HTTP 302
    https://experience200.ehr.com/avivastaffpension HTTP 302
    https://experience200.ehr.com/avivastaffpension/Sign-In?returnurl=%2favivastaffpension HTTP 302
    https://experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-AVIVAPortal24&relaystate=&rnd=5239791597817 Page URL
  2. https://embarkliteauth200.ehr.com/default.ashx?classname=GUESTAUTHENTICATE&target=SelfService-AVIVAPortal24&GUESTTYPE=16 HTTP 302
    https://embarkliteauth200.ehr.com/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE= Page URL
  3. https://experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/receive?target=SelfService-AVIVAPortal24 HTTP 302
    https://experience200.ehr.com/avivastaffpension Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://avivastaffpension.com/ HTTP 301
  • http://www.avivastaffpensions.co.uk/ HTTP 302
  • https://www.avivastaffpensions.co.uk/ HTTP 301
  • https://avivastaffpension.ehr.com/ HTTP 302
  • https://experience200.ehr.com/avivastaffpension HTTP 302
  • https://experience200.ehr.com/avivastaffpension/Sign-In?returnurl=%2favivastaffpension HTTP 302
  • https://experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-AVIVAPortal24&relaystate=&rnd=5239791597817
Request Chain 1
  • https://embarkliteauth200.ehr.com/default.ashx?classname=GUESTAUTHENTICATE&target=SelfService-AVIVAPortal24&GUESTTYPE=16 HTTP 302
  • https://embarkliteauth200.ehr.com/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE=

71 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/sendauthnrequest/
Redirect Chain
  • http://avivastaffpension.com/
  • http://www.avivastaffpensions.co.uk/
  • https://www.avivastaffpensions.co.uk/
  • https://avivastaffpension.ehr.com/
  • https://experience200.ehr.com/avivastaffpension
  • https://experience200.ehr.com/avivastaffpension/Sign-In?returnurl=%2favivastaffpension
  • https://experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-AVIVAPortal24&relaystate=&rnd=5239791597817
6 KB
7 KB
Document
General
Full URL
https://experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-AVIVAPortal24&relaystate=&rnd=5239791597817
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
no-cache
Connection
keep-alive
Content-Encoding
gzip
Content-Length
5430
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Content-Type
text/html
Cross-Origin-Opener-Policy
same-origin
Date
Thu, 08 Jun 2023 09:17:23 GMT
Expires
-1
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache
Connection
keep-alive
Content-Length
284
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Content-Type
text/html; charset=utf-8
Cross-Origin-Opener-Policy
same-origin
Date
Thu, 08 Jun 2023 09:17:23 GMT
Expires
-1
Location
https://experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-AVIVAPortal24&relaystate=&rnd=5239791597817
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
default.ashx
embarkliteauth200.ehr.com/
Redirect Chain
  • https://embarkliteauth200.ehr.com/default.ashx?classname=GUESTAUTHENTICATE&target=SelfService-AVIVAPortal24&GUESTTYPE=16
  • https://embarkliteauth200.ehr.com/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE=
17 KB
15 KB
Document
General
Full URL
https://embarkliteauth200.ehr.com/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.138.55.218 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7c3d3c5b9d676e33ab7f42dbf14a372e9d72537189dd229cd9a7856192eb2f50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://experience200.ehr.com
Referer
https://experience200.ehr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
private
Connection
keep-alive
Content-Encoding
gzip
Content-Length
14998
Content-Type
text/html; charset=utf-8
Date
Thu, 08 Jun 2023 09:17:24 GMT
Expires
Wed, 07 Jun 2023 16:37:24 GMT
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
x-frame-options
SAMEORIGIN

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
207
Content-Type
text/html; charset=utf-8
Date
Thu, 08 Jun 2023 09:17:24 GMT
Expires
Wed, 07 Jun 2023 16:37:24 GMT
Location
/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE=
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
x-frame-options
SAMEORIGIN
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/
39 KB
11 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js
Requested by
Host: embarkliteauth200.ehr.com
URL: https://embarkliteauth200.ehr.com/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://embarkliteauth200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 09:17:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
947
age
15997421
cdn-cachedat
07/16/2022 17:19:14
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"2f34b630ffe30ba2ff2b91e3f3c322a1"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
0fb6faa3f70233f3b39776be5165f78e
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
7d400aa61b9824d2-LHR
cdn-requestpullsuccess
True
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/
27 KB
6 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Requested by
Host: embarkliteauth200.ehr.com
URL: https://embarkliteauth200.ehr.com/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://embarkliteauth200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 09:17:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
946
age
1185892
cdn-cachedat
12/05/2022 13:28:43
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"4fbd15cb6047af93373f4f895639c8bf"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
bcb39ab50267bbcc43f8187c22d3376f
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
7d400aa61b9424d2-LHR
cdn-requestpullsuccess
True
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/
119 KB
20 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css
Requested by
Host: embarkliteauth200.ehr.com
URL: https://embarkliteauth200.ehr.com/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://embarkliteauth200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 09:17:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
947
age
15992446
cdn-cachedat
07/16/2022 17:19:07
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"7f89537eaf606bff49f5cc1a7c24dbca"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
fdf9e1965b8800b648baedf4787c203b
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
7d400aa61b9724d2-LHR
cdn-requestpullsuccess
True
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/
65 KB
66 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Origin
https://embarkliteauth200.ehr.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 09:17:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
1073
age
910199
cdn-cachedat
12/25/2022 15:18:51
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
66624
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
"db812d8a70a4e88e888744c1c9a27e89"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
cf2e994730865bc343571c056c1bf528
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
7d400aa7196674b1-LHR
cdn-requestpullsuccess
True
Primary Request avivastaffpension
experience200.ehr.com/
Redirect Chain
  • https://experience200.ehr.com/avivastaffpension/desktopmodules/portal/api/saml/receive?target=SelfService-AVIVAPortal24
  • https://experience200.ehr.com/avivastaffpension
79 KB
18 KB
Document
General
Full URL
https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
12560459b0032796c3391b781441efc3edb8c9f276b337d62b7988a213bf8f74
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://embarkliteauth200.ehr.com
Referer
https://embarkliteauth200.ehr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
no-cache
Connection
keep-alive
Content-Encoding
gzip
Content-Length
16230
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Content-Type
text/html; charset=utf-8
Cross-Origin-Opener-Policy
same-origin
Date
Thu, 08 Jun 2023 09:17:25 GMT
Expires
-1
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-UA-Compatible
IE=edge
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Cross-Origin-Opener-Policy
same-origin
Date
Thu, 08 Jun 2023 09:17:25 GMT
Expires
-1
Location
https://experience200.ehr.com/avivastaffpension
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0be44b8963766e88bfb1034f5cf93deb8710ec30e7a54537ff463951c5976234
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
0mEq0pw2uQHv5iDD8WI5Bw==
age
41417
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6759
x-ms-lease-status
unlocked
last-modified
Wed, 07 Jun 2023 16:32:56 GMT
server
cloudflare
etag
0x8DB6774D9A252AC
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
3716749f-201e-00a4-2578-99e202000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d400aadfa25d168-LHR
cookieBannerLibrary.js
experience200.ehr.com/DesktopModules/hrportal/portalcore/
6 KB
4 KB
Script
General
Full URL
https://experience200.ehr.com/DesktopModules/hrportal/portalcore/cookieBannerLibrary.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
00ba591213c8984f41b412383946ea06199fc7c92f1e8cbdc5615627b4514b0f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:25 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
2582
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:27 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"3f52c1f3616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
default.css
experience200.ehr.com/Resources/Shared/stylesheets/dnndefault/7.0.0/
95 KB
25 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/Resources/Shared/stylesheets/dnndefault/7.0.0/default.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
afd70ce9d30cdb91bb4ce9a95fcae6ac8029a0df37fc3653794a611064a9eadb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
24088
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 07:19:14 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"0c59a6c83dbd71:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
module.css
experience200.ehr.com/DesktopModules/HRPortal/CallToActionBanner/
29 B
1 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/DesktopModules/HRPortal/CallToActionBanner/module.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a01685de43a041b9be21dedb6af22ca78df6414ca18906b536a8224f3bbd21ab
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
146
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:14:53 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"80c8a697616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
module.css
experience200.ehr.com/DesktopModules/HRPortal/Accordion/
0
1 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/DesktopModules/HRPortal/Accordion/module.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:14:42 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"367d5691616fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
skin.css
experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/
18 KB
6 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/skin.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
8bb385c834c824266f65ea54014ceeab4a317afd7c21ae5ce060aa0f2ee4a477
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
4922
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:45:08 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"89278dd1656fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
animation.css
experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/css/
20 KB
4 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/css/animation.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
33e8f0ba7f3f8ffed24fedc65f19fdb993ee94b5dfa4eed359a84c43c48ce589
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
2341
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:45:05 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"351d3ad0656fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
image-picker.css
experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/css/
1 KB
2 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/css/image-picker.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7a40946ec123e1f32b0129afd0e501181be1031f4bdb1d6d1f1ea12a55630352
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
501
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:45:06 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"7ee88d0656fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
portal.css
experience200.ehr.com/Portals/32/
4 KB
2 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/Portals/32/portal.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c79fc8944f807843e8394bf9ab4399b0ba03b63e3c02585d5fc4a827a4a47a28
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
1021
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 15 May 2023 09:50:52 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"eff49cbc1287d91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
video-js.min.css
experience200.ehr.com/desktopmodules/hrportal/PortalDependencies/scripts/videojs/
39 KB
18 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/PortalDependencies/scripts/videojs/video-js.min.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
437542647c68f4c9811bec0d669c91e0ad7e4c1c6a0d0c33111e5d8d5183c7c9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
16914
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:38 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"382c41fa616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
videojs-errors.css
experience200.ehr.com/desktopmodules/hrportal/PortalDependencies/scripts/videojs-errors/
2 KB
2 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/PortalDependencies/scripts/videojs-errors/videojs-errors.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
65dd62dc9085ae96bc02813b12de21dad43d212d528572f13260ea5b33efc0df
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
1008
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:35 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"9d4528f8616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
redactor.min.css
experience200.ehr.com/desktopmodules/hrportal/portaldependencies/Content/redactor/
35 KB
15 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/portaldependencies/Content/redactor/redactor.min.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2648395e2780a5c8199e4ff98eeaf38fd3c783ec61fd35d0eb1a356a37e74c99
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
13660
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:39 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"b22613fb616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
slick.css
experience200.ehr.com/desktopmodules/hrportal/portaldependencies/Content/slick/
2 KB
2 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/portaldependencies/Content/slick/slick.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f0b722c48c52082cd77261574e22a5251fe37ea4b291b1441134145bab9b2063
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
773
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:39 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"eb9c9fb616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
slick-theme.css
experience200.ehr.com/desktopmodules/hrportal/portaldependencies/Content/slick/
3 KB
2 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/portaldependencies/Content/slick/slick-theme.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
597978bca0f97e5bb3f70452c24f8a0c93db7f7229433c2a54706b85cdd39aa6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
1161
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:39 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"274efbfa616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
jquery.js
experience200.ehr.com/Resources/libraries/jQuery/03_05_01/
87 KB
40 KB
Script
General
Full URL
https://experience200.ehr.com/Resources/libraries/jQuery/03_05_01/jquery.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
39750
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 12 May 2020 20:08:22 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"03f1b169928d61:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
jquery-migrate.js
experience200.ehr.com/Resources/libraries/jQuery-Migrate/03_02_00/
10 KB
6 KB
Script
General
Full URL
https://experience200.ehr.com/Resources/libraries/jQuery-Migrate/03_02_00/jquery-migrate.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5b75e5e0e4bb647829251620d795ef999a6e06e8b19f9da3ea193f9ae24f7712
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
4471
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 12 May 2020 20:08:22 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"03f1b169928d61:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
jquery-ui.js
experience200.ehr.com/Resources/libraries/jQuery-UI/01_12_01/
527 KB
175 KB
Script
General
Full URL
https://experience200.ehr.com/Resources/libraries/jQuery-UI/01_12_01/jquery-ui.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
14845b025fdd36d2873664d4ae6e7bfc836871b902db41d8fa11ead5aa72d2b4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 02 Apr 2019 18:26:20 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"0ae659181e9d41:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
WebResource.axd
experience200.ehr.com/
23 KB
7 KB
Script
General
Full URL
https://experience200.ehr.com/WebResource.axd?d=pynGkmcFUV2Qtg4wGsg2semmxeGb9QAB-UniqCnicBaMTr29w1oDeNKLGGc1&t=638087347382655934
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
6007
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 08 Jan 2023 00:32:18 GMT
Cross-Origin-Opener-Policy
same-origin
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Fri, 03 May 2024 14:34:54 GMT
bootstrap.min.js
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/
39 KB
39 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.min.js
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://experience200.ehr.com/
Origin
https://experience200.ehr.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 08 Jun 2023 09:17:26 GMT
x-content-type-options
nosniff
age
7330661
x-jsd-version
3.4.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
39680
x-served-by
cache-fra-eddf8230057-FRA, cache-lcy-eglc8600036-LCY
x-jsd-version-type
version
etag
W/"9b00-sW/YImvWv7COVo8bHQoh1gJHzvs"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/
119 KB
21 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap.min.css
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://experience200.ehr.com/
Origin
https://experience200.ehr.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 08 Jun 2023 09:17:26 GMT
x-content-type-options
nosniff
content-encoding
br
age
7330661
x-jsd-version
3.4.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
21308
x-served-by
cache-fra-eddf8230115-FRA, cache-lcy-eglc8600036-LCY
x-jsd-version-type
version
etag
W/"1da71-sJcv3M6C/Vg9TCzMPy4990BKGdA"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
bootstrap-switch.min.js
cdn.jsdelivr.net/npm/bootstrap-switch@3.3.4/dist/js/
15 KB
4 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap-switch@3.3.4/dist/js/bootstrap-switch.min.js
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
00a509633d83c84a19607876ffeccf1e6d6d4dd61be1c986f070b6c9d993ccce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://experience200.ehr.com/
Origin
https://experience200.ehr.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 08 Jun 2023 09:17:26 GMT
x-content-type-options
nosniff
content-encoding
br
age
1765183
x-jsd-version
3.3.4
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
3840
x-served-by
cache-fra-eddf8230073-FRA, cache-lcy-eglc8600036-LCY
x-jsd-version-type
version
etag
W/"3a48-hfpQ7+jzZIcnQ75C0VPOzry0+9c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
bootstrap-switch.min.css
cdn.jsdelivr.net/npm/bootstrap-switch@3.3.4/dist/css/bootstrap3/
5 KB
2 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap-switch@3.3.4/dist/css/bootstrap3/bootstrap-switch.min.css
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b23dea9114d920bf0a7dfe5f493d535f4105f6512649f1608cdbee8b0d82579c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://experience200.ehr.com/
Origin
https://experience200.ehr.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 08 Jun 2023 09:17:26 GMT
x-content-type-options
nosniff
content-encoding
br
age
2607643
x-jsd-version
3.3.4
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1191
x-served-by
cache-fra-eddf8230077-FRA, cache-lcy-eglc8600036-LCY
x-jsd-version-type
version
etag
W/"15ec-Lr5VjnUwx2q73jDIQNjkeNPuZhg"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
jquery.blueimp-gallery.min.js
cdn.jsdelivr.net/npm/blueimp-gallery@2.27.0/js/
31 KB
9 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/blueimp-gallery@2.27.0/js/jquery.blueimp-gallery.min.js
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37ec002010819712a81b8cdb5eea6d144047037d1998c4724ef6f4b78aa899ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://experience200.ehr.com/
Origin
https://experience200.ehr.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 08 Jun 2023 09:17:26 GMT
x-content-type-options
nosniff
content-encoding
br
age
1851905
x-jsd-version
2.27.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
9027
x-served-by
cache-fra-eddf8230024-FRA, cache-lcy-eglc8600036-LCY
x-jsd-version-type
version
etag
W/"7d1f-4SlzMrPrqrjppfvRScjSOz4vNdI"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
redactor.min.js
experience200.ehr.com/desktopmodules/hrportal/portaldependencies/scripts/redactor/
159 KB
42 KB
Script
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/portaldependencies/scripts/redactor/redactor.min.js
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0d9a15d2b174a2039e19d9bc7e7eeca4507ac276b79ea97e1bfa084d3b4cb318
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
41354
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:38 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"06df1f9616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
base.css
experience200.ehr.com/Portals/_default/Skins/HRT.Portal.DNNThemes.Default/portal/_base/
205 KB
53 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/Portals/_default/Skins/HRT.Portal.DNNThemes.Default/portal/_base/base.css?k=%271441%27
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
09ee7148e72afadf87ef6fc1284ef19ca436d3a9e0db258857271ea974be2f1e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
53016
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:45:00 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"c5df6cc656fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
icons.css
experience200.ehr.com/Portals/_default/Skins/HRT.Portal.DNNThemes.Default/css/
31 KB
7 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/Portals/_default/Skins/HRT.Portal.DNNThemes.Default/css/icons.css?k=%271441%27
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1ac17551cd97df53d037a5b961b5b0a664bffa1c1f54ce940e9a8a60707928b1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
6068
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:45:06 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"a5c681d0656fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
default.css
experience200.ehr.com/Portals/_default/Skins/HRT.Portal.DNNThemes.Default/portal/default/
34 KB
9 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/Portals/_default/Skins/HRT.Portal.DNNThemes.Default/portal/default/default.css?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0f8faf16507a6bbcf7d0b6c7e2ae049fb85da844f404620ba7499349ebde6586
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
8264
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:45:02 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"f4943fce656fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
LinkClick.aspx
experience200.ehr.com/
15 KB
5 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/LinkClick.aspx?fileticket=EDe6swH9-3I%3d&portalid=32
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5fb2ec03028eb90d087f620c8a3e35194ff9b6e0a80ffd64719fd2651c352076
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Transfer-Encoding
chunked
Content-Disposition
inline; filename="theme_21adda00e52f453d9fcb4095fdf5d116.css"
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Cross-Origin-Opener-Policy
same-origin
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
private
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
ScriptResource.axd
experience200.ehr.com/
100 KB
26 KB
Script
General
Full URL
https://experience200.ehr.com/ScriptResource.axd?d=NJmAwtEo3Io1rQopuo4suQaPAoeFu1DVuXEGQd7oKwbwGagSTGK8nkqwJlfQo9zvro8pBX2Cxv_iBa9DHWLRtTAdFfjd4uwLtCmW6vVk37VI46iFcX6nhTTEfPBtZI8JtbGwjw2&t=49337fe8
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
25609
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 04 May 2023 14:35:52 GMT
Cross-Origin-Opener-Policy
same-origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Fri, 03 May 2024 14:35:52 GMT
ScriptResource.axd
experience200.ehr.com/
39 KB
11 KB
Script
General
Full URL
https://experience200.ehr.com/ScriptResource.axd?d=dwY9oWetJoKaC1RR9V2TH_tTux_tQBhvz_SFCeDNP8IQAoF6gjv07zghIxpAB7xNd-hgyz1o0-pW0oSKAl-sGJT9KBx1CAUszH7Zp1CondV68sTpL_92lJpTnQsbFLAjMRN6ylkKthU_bs-i0&t=49337fe8
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
9984
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 04 May 2023 14:35:53 GMT
Cross-Origin-Opener-Policy
same-origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Fri, 03 May 2024 14:35:53 GMT
dnn.js
experience200.ehr.com/js/
18 KB
8 KB
Script
General
Full URL
https://experience200.ehr.com/js/dnn.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
75e237b6a229c7f0315236b1c6439079b8c1941e122cbe15212e848f2150b0a8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
6952
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 07:19:14 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"0c59a6c83dbd71:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
dnn.modalpopup.js
experience200.ehr.com/js/
7 KB
6 KB
Script
General
Full URL
https://experience200.ehr.com/js/dnn.modalpopup.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
264a300caab89c920e27c7bd535aff709bd18caf076555dff7533327a9103600
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
4365
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 07:19:14 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"0c59a6c83dbd71:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
jquery.hoverIntent.min.js
experience200.ehr.com/Resources/Shared/Scripts/jquery/
1 KB
2 KB
Script
General
Full URL
https://experience200.ehr.com/Resources/Shared/Scripts/jquery/jquery.hoverIntent.min.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4f957350d75f686c375599d7f06b7cafca256e2c62d5d43af5d0ab4b0f0bb6b9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
803
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 07:19:14 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"0c59a6c83dbd71:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
jquery.svginject.js
experience200.ehr.com/desktopmodules/hrportal/portaldependencies/scripts/
3 KB
3 KB
Script
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/portaldependencies/scripts/jquery.svginject.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f3daa258980ddffca84b0135e6943bcb7e4e98e3f0cff5cbc0fdf86147d99d3d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
1459
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:19:22 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"f74d5238626fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
Portal.OnLoad.js
experience200.ehr.com/desktopmodules/hrportal/portalcore/scripts/
7 KB
3 KB
Script
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/portalcore/scripts/Portal.OnLoad.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6b0c83d87e85006d316ad3829129d8bf6cc86fc110edd09541d59647601730c2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
2125
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:26 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"932d42f3616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
portalCustom.js
experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/js/
9 KB
4 KB
Script
General
Full URL
https://experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/js/portalCustom.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
38179c8fd73af9cfb9ea31729fa2991b94a2b03c6f9de0075f59a16609b998ae
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
3144
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:45:03 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"3391b9ce656fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
video.min.js
experience200.ehr.com/desktopmodules/hrportal/PortalDependencies/scripts/videojs/
254 KB
80 KB
Script
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/PortalDependencies/scripts/videojs/video.min.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a7cebba0d200f251d3ec995057aba7ed64198bcd0a8d35c786dcdd4a93aa1e76
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:38 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"dbb469fa616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
videojs-errors.min.js
experience200.ehr.com/desktopmodules/hrportal/PortalDependencies/scripts/videojs-errors/
4 KB
3 KB
Script
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/PortalDependencies/scripts/videojs-errors/videojs-errors.min.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f93275dae3f5daefa42e3d7a5e370bad2a34759001f968275ddbf806383cda64
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
2092
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:35 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"85f638f8616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
dnncore.js
experience200.ehr.com/js/
8 KB
4 KB
Script
General
Full URL
https://experience200.ehr.com/js/dnncore.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6d618705bb99d254e258f29b786aa2ab7f91a18ef9a571921d7b1363cf79abca
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
3176
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 07:19:14 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"0c59a6c83dbd71:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
dnn.servicesframework.js
experience200.ehr.com/js/
939 B
2 KB
Script
General
Full URL
https://experience200.ehr.com/js/dnn.servicesframework.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0ae6a170dc9f4e2026a5ad7093d84a5dfd3b6d434cdb0defb0bce0ed0db2fd8d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
517
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 17 Nov 2021 07:19:14 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"0c59a6c83dbd71:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
BootStrapNav.js
experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/BootstrapNav/
805 B
2 KB
Script
General
Full URL
https://experience200.ehr.com/Portals/_default/skins/hrt.portal.dnnthemes.default/BootstrapNav/BootStrapNav.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
88ed580acfc76baf343661dadf399559407aed9e81e71465bbef54887685d92f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
546
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:45:06 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"1713a1d0656fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
RedactorExtension.js
experience200.ehr.com/desktopmodules/hrportal/portalcore/scripts/
38 KB
12 KB
Script
General
Full URL
https://experience200.ehr.com/desktopmodules/hrportal/portalcore/scripts/RedactorExtension.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5a4e47da9636e940585c4c536d3a54fb896ea22909f819bfcfa1d023a695ef22
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
10548
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 15 Apr 2023 06:17:26 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"94f246f3616fd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
scripts.js
e20embarkprdstgsitecdn.azureedge.net/desktopmodules/hrportal/portalcore/ascripts/essdist/
614 KB
615 KB
Script
General
Full URL
https://e20embarkprdstgsitecdn.azureedge.net/desktopmodules/hrportal/portalcore/ascripts/essdist/scripts.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CED) /
Resource Hash
ccf329703e23f610dee5d72889a3770ce40321cdbf0dfae903e54e54a0dacaef
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 09:17:26 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Sat, 15 Apr 2023 06:35:11 GMT
server
ECAcc (frc/4CED)
content-md5
eUKDCV0RQeejsAVxNNwDFw==
age
523409
etag
"0x8DB3D7B9017B33D"
x-cache
HIT
content-type
application/x-javascript
x-ms-request-id
eb7d7a98-c01e-001b-8027-954c11000000
x-ms-version
2018-03-28
accept-ranges
bytes
content-length
629145
runtime.js
e20embarkprdstgsitecdn.azureedge.net/desktopmodules/hrportal/portalcore/ascripts/essdist/
2 KB
2 KB
Script
General
Full URL
https://e20embarkprdstgsitecdn.azureedge.net/desktopmodules/hrportal/portalcore/ascripts/essdist/runtime.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C8B) /
Resource Hash
c4396feb9187ba3678a6ce3596125922ce6e8dd17e4676bbca6f30974c97d7f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 09:17:26 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Sat, 15 Apr 2023 06:35:10 GMT
server
ECAcc (frc/4C8B)
content-md5
rty0Kggv/vlxFIxiYgo23w==
age
523409
etag
"0x8DB3D7B9007D747"
x-cache
HIT
content-type
application/x-javascript
x-ms-request-id
a3b954d0-f01e-0068-5327-95c317000000
x-ms-version
2018-03-28
accept-ranges
bytes
content-length
1607
polyfills.js
e20embarkprdstgsitecdn.azureedge.net/desktopmodules/hrportal/portalcore/ascripts/essdist/
71 KB
71 KB
Script
General
Full URL
https://e20embarkprdstgsitecdn.azureedge.net/desktopmodules/hrportal/portalcore/ascripts/essdist/polyfills.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE9) /
Resource Hash
ab4f56f8f3092b3827ff390f733199dae72e9f39bc04cc1d59693eaa926ff779
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 09:17:26 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Sat, 15 Apr 2023 06:35:11 GMT
server
ECAcc (frc/4CE9)
content-md5
g+TOmr50qj9ryCeyzFB/JA==
age
523409
etag
"0x8DB3D7B900B8031"
x-cache
HIT
content-type
application/x-javascript
x-ms-request-id
40aa2f9e-901e-00d6-1927-95174e000000
x-ms-version
2018-03-28
accept-ranges
bytes
content-length
72499
main.js
e20embarkprdstgsitecdn.azureedge.net/desktopmodules/hrportal/portalcore/ascripts/essdist/
2 MB
2 MB
Script
General
Full URL
https://e20embarkprdstgsitecdn.azureedge.net/desktopmodules/hrportal/portalcore/ascripts/essdist/main.js?cdv=1441
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE2) /
Resource Hash
f903898f1e3dc7da47ee4d3c2a501c45aa8e6b3c3add6716b4db3cb96d3b7189
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 09:17:26 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Sat, 15 Apr 2023 06:35:11 GMT
server
ECAcc (frc/4CE2)
content-md5
m8ae1/TVklr4Fuqm5XKvDg==
age
523409
etag
"0x8DB3D7B904106C1"
x-cache
HIT
content-type
application/x-javascript
x-ms-request-id
d85e4111-a01e-0021-7d27-956315000000
x-ms-version
2018-03-28
accept-ranges
bytes
content-length
2153314
LinkClick.aspx
experience200.ehr.com/
1 MB
1 MB
Image
General
Full URL
https://experience200.ehr.com/LinkClick.aspx?fileticket=a3P_2r1B0Mw%3d&portalid=32
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
33f12a17be378e8725ffe4110de3c571515d8815f259a3b8177157491c2cf4eb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Cross-Origin-Opener-Policy
same-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
private
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Content-Disposition
inline; filename="Aviva-2022-Embark-Image-3-490px wide.jpg"
Connection
keep-alive
Content-Length
1192057
X-XSS-Protection
1; mode=block
LinkClick.aspx
experience200.ehr.com/
801 KB
802 KB
Image
General
Full URL
https://experience200.ehr.com/LinkClick.aspx?fileticket=oET53Iyrm88%3d&portalid=32
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6bc022230a3a952069a0b7680442481c4cdbf15d9b0f142e3b675f7d56f7193d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Cross-Origin-Opener-Policy
same-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
private
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Content-Disposition
inline; filename="Aviva-2022-Embark-Image-10-490px wide.jpg"
Connection
keep-alive
Content-Length
819803
X-XSS-Protection
1; mode=block
LinkClick.aspx
experience200.ehr.com/
703 KB
704 KB
Image
General
Full URL
https://experience200.ehr.com/LinkClick.aspx?fileticket=TaUgN9_AUuc%3d&portalid=32
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5bb5b679cbce5f60c8c1c627c360738f527872a8f2c1ca8ab495f1b1c69686a4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Cross-Origin-Opener-Policy
same-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
private
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Content-Disposition
inline; filename="Aviva-2022-Embark-Image-8-490px wide.jpg"
Connection
keep-alive
Content-Length
719977
X-XSS-Protection
1; mode=block
LinkClick.aspx
experience200.ehr.com/
1 MB
1 MB
Image
General
Full URL
https://experience200.ehr.com/LinkClick.aspx?fileticket=ckrq3FaevTI%3d&portalid=32
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
06a9a8e5e3e836a8e1f593f92d1ed7fede0411f9c0f26d9f5a51eea3c468795c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/avivastaffpension
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:27 GMT
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Cross-Origin-Opener-Policy
same-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
private
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Content-Disposition
inline; filename="Aviva-2022-Embark-Image-4-490px wide.jpg"
Connection
keep-alive
Content-Length
1174523
X-XSS-Protection
1; mode=block
5e1129f7-d98f-4765-b7a7-7c6aa58d683e.json
cdn.cookielaw.org/consent/5e1129f7-d98f-4765-b7a7-7c6aa58d683e/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/5e1129f7-d98f-4765-b7a7-7c6aa58d683e/5e1129f7-d98f-4765-b7a7-7c6aa58d683e.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e91999f03e4452cf0549c62828db73af4ee7aaa3209f93a1d4a858572f66ffe9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
HowTkohc7fY0EsDZgwy5YQ==
age
45669
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1921
x-ms-lease-status
unlocked
last-modified
Wed, 15 Mar 2023 07:29:50 GMT
server
cloudflare
etag
0x8DB25270FB5CF5A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
25f58b44-801e-004c-32e7-5a1ff9000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d400aaf1f4271cf-LHR
expires
Fri, 09 Jun 2023 09:17:26 GMT
ADVANCED-COMPONENT-appLinkCollection.css
experience200.ehr.com/Portals/32/
6 KB
2 KB
Stylesheet
General
Full URL
https://experience200.ehr.com/Portals/32/ADVANCED-COMPONENT-appLinkCollection.css
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/Portals/32/portal.css?cdv=1441
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.15.174 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
570f39189aa7aa24713ae8c1b1149115be6f43edff92f65a4a1ae5526b6c0281
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/Portals/32/portal.css?cdv=1441
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Thu, 08 Jun 2023 09:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Connection
keep-alive
Content-Length
791
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 14 Jul 2022 12:37:11 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
same-origin
ETag
"80351c707e97d81:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=31536000
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://experience200.ehr.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 09:17:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
7d400ab05c1471aa-LHR
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.39.0/
372 KB
89 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Zp/CcrZmK7hQ2S6c/t9Tpw==
age
56233
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
90454
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:31:04 GMT
server
cloudflare
etag
0x8DA87805EB35DE2
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
526a626c-301e-007c-66e1-5a45d3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d400ab2cc07d168-LHR
analytics.js
www.google-analytics.com/
51 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 08 Jun 2023 08:35:27 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
2519
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Thu, 08 Jun 2023 10:35:27 GMT
en-us.json
cdn.cookielaw.org/consent/5e1129f7-d98f-4765-b7a7-7c6aa58d683e/83f6372d-36f3-4fc4-887a-f426605b86bb/
44 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/5e1129f7-d98f-4765-b7a7-7c6aa58d683e/83f6372d-36f3-4fc4-887a-f426605b86bb/en-us.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad0d767689848fc638081a370f1aee00134f63304992136b04e053b059ef3532
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sb8qiTUBcdKiGfUr7v7wNw==
age
8249
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12542
x-ms-lease-status
unlocked
last-modified
Wed, 15 Mar 2023 07:29:54 GMT
server
cloudflare
etag
0x8DB25271299245D
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
48a42c22-901e-015c-22e7-5a6f4a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d400ab5ea6871cf-LHR
expires
Fri, 09 Jun 2023 09:17:27 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/6.39.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Xx897lTVYGjMQiwuGCrzDA==
age
42996
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3007
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:30:55 GMT
server
cloudflare
etag
0x8DA87805972EF22
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
e4dfc28a-001e-0091-4de7-5a4c57000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d400ab68b5b71cf-LHR
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.39.0/assets/v2/
62 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
331852fd9912583b03043c973d33d23b2711924f3731bd8bcd31b7000a6d4a60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
444ho/eGhWdN7ej7RCW2zw==
age
82255
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13253
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:30:57 GMT
server
cloudflare
etag
0x8DA87805AD77A2D
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
46b49ed6-801e-008b-50e2-5a6338000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d400ab68b6171cf-LHR
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.39.0/assets/
22 KB
5 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
B55i3ZY9miZIaUrwjufy0w==
age
8249
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:31:09 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
0f810c04-001e-009a-5b45-885423000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7d400ab68b6871cf-LHR
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/svg+xml
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
41811
content-length
4036
x-ms-lease-status
unlocked
last-modified
Wed, 07 Jun 2023 16:32:58 GMT
server
cloudflare
etag
0x8DB6774DADDB4E1
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
3709b713-201e-00a4-606f-99e202000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d400ab79d0ed168-LHR
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/avivastaffpension
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
41724
x-ms-lease-status
unlocked
last-modified
Wed, 07 Jun 2023 16:32:59 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
e81207dd-401e-00bf-4578-99cc90000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7d400ab79d11d168-LHR
en-us.json
cdn.cookielaw.org/consent/5e1129f7-d98f-4765-b7a7-7c6aa58d683e/83f6372d-36f3-4fc4-887a-f426605b86bb/
44 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/5e1129f7-d98f-4765-b7a7-7c6aa58d683e/83f6372d-36f3-4fc4-887a-f426605b86bb/en-us.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad0d767689848fc638081a370f1aee00134f63304992136b04e053b059ef3532
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sb8qiTUBcdKiGfUr7v7wNw==
age
8249
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12542
x-ms-lease-status
unlocked
last-modified
Wed, 15 Mar 2023 07:29:54 GMT
server
cloudflare
etag
0x8DB25271299245D
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
48a42c22-901e-015c-22e7-5a6f4a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d400ab7ad5b71cf-LHR
expires
Fri, 09 Jun 2023 09:17:27 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/6.39.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://experience200.ehr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Xx897lTVYGjMQiwuGCrzDA==
age
42996
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3007
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:30:55 GMT
server
cloudflare
etag
0x8DA87805972EF22
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
e4dfc28a-001e-0091-4de7-5a4c57000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
7d400ab81df971cf-LHR
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: experience200.ehr.com
URL: https://experience200.ehr.com/Resources/libraries/jQuery/03_05_01/jquery.js?cdv=1441
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Referer
https://experience200.ehr.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Jun 2023 09:17:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
42995
x-ms-lease-status
unlocked
last-modified
Mon, 05 Jun 2023 08:45:05 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
1f9cc9c4-101e-0109-4814-98843d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
7d400abc2b5471cf-LHR

Verdicts & Comments Add Verdict or Comment

168 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| onbeforetoggle object| onscrollend object| OneTrustStub string| gaTrackingId string| gaDisableTrackingId string| analyticsDisabled function| DOMReady number| interval function| showCookieSettings function| deleteCookie function| setCookie function| getCookie function| cookieOptout function| cookieOptIn function| confirmChoices function| OptanonWrapper boolean| ga-disable-UA-133651819-6 string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData function| $ function| jQuery object| dimensionName string| GoogleAnalyticsObject function| ga object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY object| HRPortalGlobal object| bootstrapSwitch object| blueimp string| portalSkinPath function| Sys$Enum$parse function| Sys$Enum$toString function| Sys$Component$_setProperties function| Sys$Component$_setReferences function| $create function| $addHandler function| $addHandlers function| $clearHandlers function| $removeHandler function| $get function| $find function| Type object| Sys object| _events string| dnnJscriptVersion string| DNN_HIGHLIGHT_COLOR string| COL_DELIMITER string| ROW_DELIMITER string| QUOTE_REPLACEMENT number| KEY_LEFT_ARROW number| KEY_UP_ARROW number| KEY_RIGHT_ARROW number| KEY_DOWN_ARROW number| KEY_RETURN number| KEY_ESCAPE object| dnn string| s object| dnnModal function| isOnForcedPasswordResetPage undefined| ResetPageShim boolean| enabled object| start number| vdata1686215846922 function| videojs object| vttjs function| VTTRegion function| WebVTT function| videojsErrors string| DNN_COL_DELIMITER string| DNN_ROW_DELIMITER boolean| __dnn_m_bPageLoaded function| __dnn_ClientAPIEnabled function| __dnn_Page_OnLoad function| __dnn_KeyDown function| __dnn_bodyscroll function| __dnn_setScrollTop function| __dnn_SetInitialFocus function| __dnn_CanReceiveFocus function| __dnn_ContainerMaxMin_OnClick function| __dnn_Help_OnClick function| __dnn_SectionMaxMin function| __dnn_enableDragDrop undefined| __dnn_oPrevSelPane undefined| __dnn_oPrevSelModule number| __dnn_dragEventCount function| __dnn_dragOver function| __dnn_dragComplete function| __dnn_MoveToPane function| __dnn_RefreshPanes undefined| __dnn_m_aryPanes undefined| __dnn_m_aryModules function| __dnn_Panes function| __dnn_Modules function| __dnn_getMostSelectedPane function| __dnn_getPaneControlIndex function| __dnn_Pane function| __dnn_PaneControl function| __dnn_ShowModalPage function| __dnncore object| dnncore object| RedactorPlugins object| hrportaless boolean| __Zone_enable_cross_context_check object| webpackChunkess_app function| $localize object| __dynProto$Gbl object| WebChat boolean| page_IsEditing number| page_TabID number| page_TextModuleID number| page_ImageModuleID string| page_AddModuleTitle string| page_AddTextModuleTitle string| page_AddImageModuleTitle object| callToActionBannerModule_49387_JSON object| callToActionBannerModule_49388_JSON object| callToActionBannerModule_49389_JSON object| callToActionBannerModule_49390_JSON object| accordionModule_51716_JSON object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| Optanon object| OneTrust

23 Cookies

Domain/Path Name / Value
experience200.ehr.com/ Name: dnn_IsMobile
Value: False
experience200.ehr.com/ Name: language
Value: en-US
experience200.ehr.com/ Name: .ASPXANONYMOUS
Value: 3HW7TMAvcSPSdy8t7O0laVe-lUiGWDrg8B03m2AzO0HcBxFr0BH8XEbtGVfspdUtsmNKiq-3ovp1Vpjk1TgwqwVkPtmxW4sx5_FD1ec5XJh058zV0
experience200.ehr.com/ Name: Analytics_VisitorId
Value: b810d26d-89ff-4e86-b958-bfed46f86c0f
.experience200.ehr.com/ Name: ARRAffinity
Value: bb373487faa397d31d2497128207a7ad57d45bb01e3a2ffa4c81f0cd158e28dc
.experience200.ehr.com/ Name: ARRAffinitySameSite
Value: bb373487faa397d31d2497128207a7ad57d45bb01e3a2ffa4c81f0cd158e28dc
experience200.ehr.com/ Name: ASP.NET_SessionId
Value: msgym0iurntkcfqrwg2zqk3x
experience200.ehr.com/ Name: authentication
Value: HRT.Portal.DNNModules.HRPortalAuth
embarkliteauth200.ehr.com/ Name: ApplicationGatewayAffinityCORS
Value: 6690bb51bccbd5e3efb465f2f1205b98
embarkliteauth200.ehr.com/ Name: ApplicationGatewayAffinity
Value: 6690bb51bccbd5e3efb465f2f1205b98
embarkliteauth200.ehr.com/ Name: EmbarkLiteAuth200SelfServiceApplook
Value: 200
embarkliteauth200.ehr.com/ Name: EmbarkLiteAuth200SelfServiceApp
Value: %d7Cw.gV%9b%e18%de%d3%8ad%11%a7%beO%88NI%82%cd%80%0d%60C%a3%85%09%99%ba%03%e5%3e%f5%bcMj%b7F%b9%1c%a9j%d7%f2%86%2f
embarkliteauth200.ehr.com/ Name: EmbarkLiteAuth200SelfServiceSessionHistory_Insert
Value: False
embarkliteauth200.ehr.com/ Name: EmbarkLiteAuth200SelfServiceSessionHistory_Key
Value: 1a539ea9-7049-4432-8540-d32080599288
embarkliteauth200.ehr.com/ Name: EmbarkLiteAuth200SelfServicePLMHJN
Value: Z0%dc%d2%f4%a8J-%98*Z%a0m%3b%ec%06
embarkliteauth200.ehr.com/ Name: EmbarkLiteAuth200SelfServiceLKJHN
Value: w%c8%e8%a2%1e%9a%a8%db21l%1e%c41%cd%e5
embarkliteauth200.ehr.com/ Name: EmbarkLiteAuth200SelfServiceSessionHistory_Id
Value: 32971861
experience200.ehr.com/ Name: .DOTNETNUKE
Value: 323152FAACDD2A3D1819ACE6286EAF92239A2F8EEEADCA137E37DB79F8956BC4C17F0757545F2AE65FC8940EA2EF30D52E9362650FF71E3D8D3640B6A5211C8F69C5FDD01D22B2A0944FCDE1346705CCF75BFA73
experience200.ehr.com/ Name: Analytics
Value: SessionId=67b68f85-7f9e-4a1d-9962-365cc299e9ea&TabId=6200&ContentItemId=-1
experience200.ehr.com/ Name: LastPageId
Value: 32:6200
experience200.ehr.com/ Name: __RequestVerificationToken
Value: _-n5IH05ouwnrVafT5nnHes7ttfnaNf7po5PZYPsse34CpSjrSrq7D4oE9ompb2RnEVrPg2
experience200.ehr.com/ Name: hrp-tracking-disable
Value: true
.experience200.ehr.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Thu+Jun+08+2023+09%3A17%3A27+GMT%2B0000+(GMT)&version=6.39.0&hosts=&consentId=37426f2c-ed68-442f-a4ad-e2f286beffdb&interactionCount=0&landingPath=https%3A%2F%2Fexperience200.ehr.com%2Favivastaffpension&groups=C0001%3A1%2CC0002%3A0

1 Console Messages

Source Level URL
Text
security error URL: https://embarkliteauth200.ehr.com/default.ashx?CLASSNAME=DTOSAML&TARGET=SelfService-AVIVAPortal24&RELAYSTATE=(Line 3)
Message:
X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

avivastaffpension.com
avivastaffpension.ehr.com
cdn.cookielaw.org
cdn.jsdelivr.net
e20embarkprdstgsitecdn.azureedge.net
embarkliteauth200.ehr.com
experience200.ehr.com
geolocation.onetrust.com
maxcdn.bootstrapcdn.com
www.avivastaffpensions.co.uk
www.google-analytics.com
13.248.221.1
158.82.145.58
20.50.15.174
204.74.99.103
2606:2800:133:206e:1315:22a5:2006:24fd
2606:4700::6812:1d26
2606:4700::6812:a972
2606:4700::6812:acf
2a00:1450:4001:810::200e
2a04:4e42::485
51.138.55.218
76.223.81.247
00a509633d83c84a19607876ffeccf1e6d6d4dd61be1c986f070b6c9d993ccce
00ba591213c8984f41b412383946ea06199fc7c92f1e8cbdc5615627b4514b0f
06a9a8e5e3e836a8e1f593f92d1ed7fede0411f9c0f26d9f5a51eea3c468795c
09ee7148e72afadf87ef6fc1284ef19ca436d3a9e0db258857271ea974be2f1e
0ae6a170dc9f4e2026a5ad7093d84a5dfd3b6d434cdb0defb0bce0ed0db2fd8d
0be44b8963766e88bfb1034f5cf93deb8710ec30e7a54537ff463951c5976234
0d9a15d2b174a2039e19d9bc7e7eeca4507ac276b79ea97e1bfa084d3b4cb318
0f8faf16507a6bbcf7d0b6c7e2ae049fb85da844f404620ba7499349ebde6586
12560459b0032796c3391b781441efc3edb8c9f276b337d62b7988a213bf8f74
14845b025fdd36d2873664d4ae6e7bfc836871b902db41d8fa11ead5aa72d2b4
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
1ac17551cd97df53d037a5b961b5b0a664bffa1c1f54ce940e9a8a60707928b1
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
2648395e2780a5c8199e4ff98eeaf38fd3c783ec61fd35d0eb1a356a37e74c99
264a300caab89c920e27c7bd535aff709bd18caf076555dff7533327a9103600
331852fd9912583b03043c973d33d23b2711924f3731bd8bcd31b7000a6d4a60
33e8f0ba7f3f8ffed24fedc65f19fdb993ee94b5dfa4eed359a84c43c48ce589
33f12a17be378e8725ffe4110de3c571515d8815f259a3b8177157491c2cf4eb
37ec002010819712a81b8cdb5eea6d144047037d1998c4724ef6f4b78aa899ac
38179c8fd73af9cfb9ea31729fa2991b94a2b03c6f9de0075f59a16609b998ae
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
437542647c68f4c9811bec0d669c91e0ad7e4c1c6a0d0c33111e5d8d5183c7c9
4f957350d75f686c375599d7f06b7cafca256e2c62d5d43af5d0ab4b0f0bb6b9
570f39189aa7aa24713ae8c1b1149115be6f43edff92f65a4a1ae5526b6c0281
597978bca0f97e5bb3f70452c24f8a0c93db7f7229433c2a54706b85cdd39aa6
5a4e47da9636e940585c4c536d3a54fb896ea22909f819bfcfa1d023a695ef22
5b75e5e0e4bb647829251620d795ef999a6e06e8b19f9da3ea193f9ae24f7712
5bb5b679cbce5f60c8c1c627c360738f527872a8f2c1ca8ab495f1b1c69686a4
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fb2ec03028eb90d087f620c8a3e35194ff9b6e0a80ffd64719fd2651c352076
65dd62dc9085ae96bc02813b12de21dad43d212d528572f13260ea5b33efc0df
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
6b0c83d87e85006d316ad3829129d8bf6cc86fc110edd09541d59647601730c2
6bc022230a3a952069a0b7680442481c4cdbf15d9b0f142e3b675f7d56f7193d
6d618705bb99d254e258f29b786aa2ab7f91a18ef9a571921d7b1363cf79abca
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
75e237b6a229c7f0315236b1c6439079b8c1941e122cbe15212e848f2150b0a8
7a40946ec123e1f32b0129afd0e501181be1031f4bdb1d6d1f1ea12a55630352
7c3d3c5b9d676e33ab7f42dbf14a372e9d72537189dd229cd9a7856192eb2f50
88ed580acfc76baf343661dadf399559407aed9e81e71465bbef54887685d92f
8bb385c834c824266f65ea54014ceeab4a317afd7c21ae5ce060aa0f2ee4a477
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a01685de43a041b9be21dedb6af22ca78df6414ca18906b536a8224f3bbd21ab
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a7cebba0d200f251d3ec995057aba7ed64198bcd0a8d35c786dcdd4a93aa1e76
ab4f56f8f3092b3827ff390f733199dae72e9f39bc04cc1d59693eaa926ff779
ad0d767689848fc638081a370f1aee00134f63304992136b04e053b059ef3532
afd70ce9d30cdb91bb4ce9a95fcae6ac8029a0df37fc3653794a611064a9eadb
b23dea9114d920bf0a7dfe5f493d535f4105f6512649f1608cdbee8b0d82579c
c4396feb9187ba3678a6ce3596125922ce6e8dd17e4676bbca6f30974c97d7f6
c79fc8944f807843e8394bf9ab4399b0ba03b63e3c02585d5fc4a827a4a47a28
ccf329703e23f610dee5d72889a3770ce40321cdbf0dfae903e54e54a0dacaef
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e91999f03e4452cf0549c62828db73af4ee7aaa3209f93a1d4a858572f66ffe9
f0b722c48c52082cd77261574e22a5251fe37ea4b291b1441134145bab9b2063
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
f3daa258980ddffca84b0135e6943bcb7e4e98e3f0cff5cbc0fdf86147d99d3d
f903898f1e3dc7da47ee4d3c2a501c45aa8e6b3c3add6716b4db3cb96d3b7189
f93275dae3f5daefa42e3d7a5e370bad2a34759001f968275ddbf806383cda64
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995