urlscan.io logo urlscan.io
SecurityTrails logo

starlingbank.perkbox.com Open in urlscan Pro
54.247.141.92  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ablink.news.perkbox.com/ss/c/kndPfuIjQHJlyU28m_j5g5kDmp2wcAac173_CjyMv9hQKhehuPe0F-fyLxAL22uGUUIJU3FguJF69V5iM674ipo57Jo...
Effective URL: https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Submission: On February 26 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 5 countries across 12 domains to perform 66 HTTP transactions. The main IP is 54.247.141.92, located in Ireland and belongs to AMAZON-02, US. The main domain is starlingbank.perkbox.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 14th 2024. Valid for: a year.
This is the only time starlingbank.perkbox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    2600:9000:237d:1000:18:1a83:4080:93a1 (United States)

ASN16509 (AMAZON-02, US)
ablink.news.perkbox.com
8    54.247.141.92 (Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-247-141-92.eu-west-1.compute.amazonaws.com
starlingbank.perkbox.com
26    13.224.189.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-30.fra2.r.cloudfront.net
cdn.perkbox.com
1    2a00:1450:400c:c04::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
accounts.google.com
3    130.211.16.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.16.211.130.bc.googleusercontent.com
cdn.coview.com
app.coview.com
2    2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    162.19.58.159 (France)

ASN16276 (OVH, FR)
PTR: ns3096667.ip-162-19-58.eu
image.ibb.co
i.ibb.co
1    13.224.189.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-35.fra2.r.cloudfront.net
widget.intercom.io
6    18.173.154.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-27.muc50.r.cloudfront.net
api.production.eu-west-1.perkbox.services
4    99.84.88.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-63.muc50.r.cloudfront.net
js.intercomcdn.com
4    3.226.31.64 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-31-64.compute-1.amazonaws.com
api-iam.intercom.io
2    2606:4700::6813:a741 (United States)

ASN13335 (CLOUDFLARENET, US)
res.cloudinary.com
2    2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:400c:c0b::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
2    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.co.uk
1    2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
Apex Domain
Subdomains		 Transfer
35 perkbox.com
ablink.news.perkbox.com — Cisco Umbrella Rank: 993229
starlingbank.perkbox.com
cdn.perkbox.com — Cisco Umbrella Rank: 494232
3 MB
6 perkbox.services
api.production.eu-west-1.perkbox.services — Cisco Umbrella Rank: 481497
3 KB
5 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 1625
api-iam.intercom.io — Cisco Umbrella Rank: 1980
14 KB
4 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 1936
399 KB
3 coview.com
cdn.coview.com — Cisco Umbrella Rank: 130071
app.coview.com — Cisco Umbrella Rank: 110045
12 KB
3 google.com
accounts.google.com — Cisco Umbrella Rank: 24
region1.analytics.google.com — Cisco Umbrella Rank: 2663
www.google.com — Cisco Umbrella Rank: 2
81 KB
2 google.co.uk
www.google.co.uk — Cisco Umbrella Rank: 3596
515 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 85
414 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
21 KB
2 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 2511
9 KB
2 ibb.co
image.ibb.co — Cisco Umbrella Rank: 96300
i.ibb.co — Cisco Umbrella Rank: 12287
1 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
142 KB
66 12
Domain Requested by
26 cdn.perkbox.com starlingbank.perkbox.com
cdn.perkbox.com
8 starlingbank.perkbox.com cdn.perkbox.com
6 api.production.eu-west-1.perkbox.services cdn.perkbox.com
4 api-iam.intercom.io js.intercomcdn.com
4 js.intercomcdn.com widget.intercom.io
js.intercomcdn.com
2 www.google.co.uk
2 stats.g.doubleclick.net cdn.perkbox.com
www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
cdn.perkbox.com
2 res.cloudinary.com cdn.perkbox.com
2 app.coview.com cdn.coview.com
2 www.googletagmanager.com cdn.perkbox.com
www.google-analytics.com
1 www.google.com
1 region1.analytics.google.com www.googletagmanager.com
1 widget.intercom.io cdn.perkbox.com
1 i.ibb.co starlingbank.perkbox.com
1 image.ibb.co 1 redirects
1 cdn.coview.com cdn.perkbox.com
1 accounts.google.com cdn.perkbox.com
1 ablink.news.perkbox.com 1 redirects
66 19

This site contains links to these domains. Also see Links.

Domain
help.perkbox.com
www.perkbox.com
status.perkbox.com
Subject Issuer Validity Valid
*.perkbox.com
Amazon RSA 2048 M02		 2024-02-14 -
2025-03-15		 a year crt.sh
cdn.perkbox.com
Amazon RSA 2048 M01		 2023-06-08 -
2024-07-06		 a year crt.sh
accounts.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
app.coview.com
GTS CA 1D4		 2024-01-18 -
2024-04-17		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
*.intercom.com
Amazon RSA 2048 M03		 2024-01-15 -
2025-02-11		 a year crt.sh
api.production.eu-west-1.perkbox.services
Amazon RSA 2048 M02		 2023-10-14 -
2024-11-09		 a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M02		 2023-12-01 -
2024-12-29		 a year crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2		 2023-12-14 -
2024-06-22		 6 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
www.google.co.uk
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
www.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Frame ID: 0C67584F7A43C50DD7E2832D2174EA08
Requests: 53 HTTP requests in this frame

Frame: https://app.coview.com/api/client-info/launcher
Frame ID: 508D2818F70AE8028E7929097D79F8DA
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.35aa6c01.js
Frame ID: 6488F9F3E44833523E824737D0D81B9C
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Perkbox | Login

Page URL History Show full URLs

  1. https://ablink.news.perkbox.com/ss/c/kndPfuIjQHJlyU28m_j5g5kDmp2wcAac173_CjyMv9hQKhehuPe0F-fyLxAL22uGUUIJU3F... HTTP 302
    https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • accounts\.google\.com/gsi/client
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

66
Requests

98 %
HTTPS

53 %
IPv6

12
Domains

19
Subdomains

16
IPs

5
Countries

3307 kB
Transfer

12094 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ablink.news.perkbox.com/ss/c/kndPfuIjQHJlyU28m_j5g5kDmp2wcAac173_CjyMv9hQKhehuPe0F-fyLxAL22uGUUIJU3FguJF69V5iM674ipo57JolMRpI_r-yvnOzggmOzrfl3JBweWNwHAJBXpyA7YLNrTah37YecFDD9YZz2ANlQXYe98iLHwgep2pypz1_rq6ykQne0UJBoKm25Mcx/446/bnlrv0XZRmi1eVKU3pAtdw/h11/DyewepgiG7AVlWOgyU7GtV3tJrhuT0w06KiquOYWFhE HTTP 302
    https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://image.ibb.co/jDB7fm/logo_small.png HTTP 301
  • https://i.ibb.co/THm67QG/logo-small.png

66 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 2b7867ab-737e-475d-aeb3-cab187c06adc
starlingbank.perkbox.com/recognition/polls/group-celebration/
Redirect Chain
  • https://ablink.news.perkbox.com/ss/c/kndPfuIjQHJlyU28m_j5g5kDmp2wcAac173_CjyMv9hQKhehuPe0F-fyLxAL22uGUUIJU3FguJF69V5iM674ipo57JolMRpI_r-yvnOzggmOzrfl3JBweWNwHAJBXpyA7YLNrTah37YecFDD9YZz2ANlQXYe98iL...
  • https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
2 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.247.141.92 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-141-92.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
af62450dbeb9a0987dba354d14aa26adbe836e7561f9ce6f9876f0c27415bbc2
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Connection
keep-alive
Content-Length
1669
Content-Type
text/html; charset=utf-8
Date
Mon, 26 Feb 2024 10:23:06 GMT
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
etag
W/"685-DWsroB7LIpiLZ4qTtmrmu6DMHOw"
expires
0
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
surrogate-control
no-store
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0

Redirect headers

content-length
145
content-type
text/html; charset=utf-8
date
Mon, 26 Feb 2024 10:23:06 GMT
location
https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
server
nginx
via
1.1 349eb6985da057f318665aa6bde74732.cloudfront.net (CloudFront)
x-amz-cf-id
EkQK2E4vJVirg7IhUDa4s2IvdVe2xNQltaCk6gzeQw0dExebxJQXgQ==
x-amz-cf-pop
MUC50-P2
x-cache
Miss from cloudfront
x-robots-tag
noindex, nofollow
bootstrap.min.css
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/vendor/ 		119 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/vendor/bootstrap.min.css
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d189a49b9758133fe7e6e82a301d5274be027f4c43d9dc7cae964c7ace022e64
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:17 GMT
server
AmazonS3
etag
W/"321f6002ece6d60f39a1ecbb16edf5bf"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000,public
x-amz-cf-id
to20qx8I3kAwDZQ4stOBfQ-72G6FGLk2JrItjrmfEIo9h2UaNxaQUQ==
global.css
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/global.css
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cbe0fdb86f92359551dfd3817891f92c8113e1e5617b204433a59e6b0f8c0b41
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:13 GMT
server
AmazonS3
etag
W/"ebc365ef641888303e2833e744ab28a4"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000,public
x-amz-cf-id
5xVwrusOXR7-3JV-IOob3J9EZV2b3foKQ0OERq6mrtO3FyukOJC6fA==
perkbox-icons.css
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/perkbox-icons.css
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4748e68c5c9f2b769a0872355d5603955d5875fc2741648c14673008140a848e
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:13 GMT
server
AmazonS3
etag
W/"3c2dd658432233972c16bdf257b325e8"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000,public
x-amz-cf-id
d2-aXmrPAtINAQCsZVmbllcOXpPnFR6qDoIiFK9CAvtaCD53XXUV4Q==
font-awesome.css
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/ 		36 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/font-awesome.css
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2e6992699efb87895cae41af6253b8cb9892c37330980200fc0b146c38180a91
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:13 GMT
server
AmazonS3
etag
W/"22d64b3ecdb061be04e177f7930ce4f0"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000,public
x-amz-cf-id
igXCgmRcQGGAp4OUTqtCvm05NC7gRjLDSqrIjsTUpuKdWf8f2apTwg==
color-thief.min.js
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/vendor/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/vendor/color-thief.min.js
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a710ca056816b88c87eaad04d958126a7514f5878d09ad40b62fc41f373cf37e
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:17 GMT
server
AmazonS3
etag
W/"cac6b812a1349b4b8bde12d5219ac1e6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
t95f1kDdGzjGYoviy58D8Y3-vIqndFgT1aykyOlqas8DTFm-bvLthw==
main.6bd3559b.js
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/ 		2 MB
605 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
19428d4aa1287f92139d413c09d502f8de55cb21f69866e244019ea7817ecbb3
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:15 GMT
server
AmazonS3
etag
W/"9fbb2cf7bf7c5b98ce05ea7501a40754"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
S0cZpwaDUnqLtzByqrA_8wlbPzpagvlLZ_-NRW_61yFaUOkITwVTeQ==
client
accounts.google.com/gsi/ 		209 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/client
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
66d091e2a70ebdabd687589f8c3a8050ea45de468ec440b865d10fc198f3a2a8
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-uOJehAWH3Ay1yR3LLCEMOw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 10:23:07 GMT
content-security-policy
script-src 'report-sample' 'nonce-uOJehAWH3Ay1yR3LLCEMOw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires
Mon, 26 Feb 2024 10:23:07 GMT
coview.js
cdn.coview.com/ 		26 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.coview.com/coview.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.16.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.16.211.130.bc.googleusercontent.com
Software
/
Resource Hash
a22afd0fcabd4edfe3cacba60bea89eb10b2b904f670ff1309eae071c6130e92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 10:23:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 22 Dec 2022 06:26:32 GMT
via
1.1 google
etag
W/"26888-1671690392000"
x-frame-options
DENY
vary
accept-encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
Public, max-age=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 26 Feb 2024 11:23:07 GMT
gtm.js
www.googletagmanager.com/ 		153 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W53DNG4
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ff49178a2482d3fcde7d5acfa2c3246111434ce4707b15d867d1072760ab5ea2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 10:23:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
59600
x-xss-protection
0
last-modified
Mon, 26 Feb 2024 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 26 Feb 2024 10:23:07 GMT
vendors~devTools~global~internal~tenant.c024ccab.chunk.js
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/ 		1 MB
299 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/vendors~devTools~global~internal~tenant.c024ccab.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9740b5fb1e3e15f6cac1a952dde1148b4030526b18fed482ba253f9f92024305
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:15 GMT
server
AmazonS3
etag
W/"6d695a61e1dae38e314d4795e25a2766"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
IbVeTZLQzFCmYDBAlDqI5acnWmWneg6QJo5NLwv7JNxJFsOk-Vtfzg==
vendors~global~internal~tenant.d4e94152.chunk.js
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/ 		51 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/vendors~global~internal~tenant.d4e94152.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4463a2b761974d007b467ab58a61003b522ba94c821b4345d45d20992b55d07
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:15 GMT
server
AmazonS3
etag
W/"94c3863af1c877bbbd29f84c3e783691"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
tR52Qr6_RELtFtgY4TMJzdFg_bbpAVDh8jDd1aadupNgSikwLd98iQ==
vendors~internal~tenant.0323c01e.chunk.js
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/ 		132 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/vendors~internal~tenant.0323c01e.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5d18e4090e57aeacda3809c31fcbd9fac6fab34757fcfe972e20226647dcfa06
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:16 GMT
server
AmazonS3
etag
W/"3fa8cbefd4300ceb25c47349fac06716"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
JOZYuHL3PnStXazaRQjFcct81k70t1MMTp72L1mFllq-BEkoY5XIzQ==
vendors~global~tenant.acdcb51f.chunk.js
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/ 		112 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/vendors~global~tenant.acdcb51f.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7ea7ff190fb07bd2e1384d6c44c8d0ca50569ca40d77feff7fc136da998351eb
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:15 GMT
server
AmazonS3
etag
W/"18178954f59099f03dc4db7987bae092"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
EvZOE-SL9Kfx7Fz2N-3xgptfcxJ5dpOwISsoCIIaf1JpFIc1HvlIeg==
tenant.2e4ee941.chunk.js
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/ 		6 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/tenant.2e4ee941.chunk.js
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c46c191638c5c43b78ebb5c9b0d1adfa655eb862c2afb6d94b34b68d5f661861
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:55 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251653
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:15 GMT
server
AmazonS3
etag
W/"4ba73a80c46c1486b1d0121fbfde84c9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000,public
x-amz-cf-id
nG5-oXe8lOMOhZqTU--nbYLdKYK6KViaHu1TqP1udwLFxcNOIGUd8g==
logo-small.png
i.ibb.co/THm67QG/
Redirect Chain
  • https://image.ibb.co/jDB7fm/logo_small.png
  • https://i.ibb.co/THm67QG/logo-small.png
1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ibb.co/THm67QG/logo-small.png
Requested by
Host: starlingbank.perkbox.com
URL: https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
Protocol
H2
Server
162.19.58.159 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3096667.ip-162-19-58.eu
Software
nginx /
Resource Hash
63e3696c5e5e8b037e28e8fbef871184b0d1d60a7314c965b1426d9cce84dd69

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 10:23:07 GMT
server
nginx
content-length
1031
content-type
image/png

Redirect headers

location
https://i.ibb.co/THm67QG/logo-small.png
date
Mon, 26 Feb 2024 10:23:07 GMT
server
nginx
content-length
162
content-type
text/html
WorkSans-Regular.woff2
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/WorkSans/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/WorkSans/WorkSans-Regular.woff2
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c46b18a1ccba221be436881e1649ef1bfd1e656184fcd535e84bc77c77e8e5d
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/global.css
Origin
https://starlingbank.perkbox.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 13:22:01 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
248467
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
17912
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:13 GMT
server
AmazonS3
etag
"4116d9a86a2889032aaca45779a997ca"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=2592000,public
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
KlILOzYWTRVGdDlqMG9g7wV0yijlM-HoCo5YC1JdHya6xKnv-CCtsg==
launcher
app.coview.com/api/client-info/ Frame 508D 		490 B
474 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.coview.com/api/client-info/launcher
Requested by
Host: cdn.coview.com
URL: https://cdn.coview.com/coview.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.16.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.16.211.130.bc.googleusercontent.com
Software
/
Resource Hash
c937c4e8d97c6c6f81863e391c797a5c51ec160702a1fcd75983c3eb595295d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-type
application/json;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 10:23:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 google
x-frame-options
DENY
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://starlingbank.perkbox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
launcher
app.coview.com/api/client-info/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.coview.com/api/client-info/launcher
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.16.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.16.211.130.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://starlingbank.perkbox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,POST,PUT,OPTIONS,HEAD,DELETE
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
content-length
0
content-type
application/json
date
Mon, 26 Feb 2024 10:23:07 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
account.json
cdn.perkbox.com/locale/web/en-gb/ 		11 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/account.json?dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2dfecf4fb60a39c04a8ffacdc74565de2d75c1fd7cbe0c3501070bec82b78506
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
x-content-type-options
nosniff
date
Mon, 26 Feb 2024 10:23:09 GMT
content-encoding
gzip
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:19 GMT
server
AmazonS3
etag
W/"7481bbdc4bf0d3169d3d03d29d861c02"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
-pdp7B4-oA-9KuToMaUz09g46o-Gn6GkrXaZphhU5BYMJ6GydmxATg==
platform.json
cdn.perkbox.com/locale/web/en-gb/ 		83 KB
21 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/platform.json?dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
40417f37ccebc4b57746211f107e76ad83346548d9f94c0d7e7d4745bf899088
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
x-content-type-options
nosniff
date
Mon, 26 Feb 2024 10:23:09 GMT
content-encoding
gzip
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:19 GMT
server
AmazonS3
etag
W/"d3b57c8d924d601b53393f14ccf70454"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
dQIliRSm0sYVXMJBHB1CR_H7WlQI9t2y8VupeqDcYMI6M50gHBuyDg==
errors.json
cdn.perkbox.com/locale/web/en-gb/ 		72 KB
15 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/errors.json?dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
be6ba9fa51d28d2555eaab7137a39e7bc5ea945acdf55f2c2c70ec96e8f044cc
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
x-content-type-options
nosniff
date
Mon, 26 Feb 2024 10:23:09 GMT
content-encoding
gzip
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:19 GMT
server
AmazonS3
etag
W/"b228b5d5e86bf7d0a3d65408c8d4d01d"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
-196XVZ0ia3FMV4ol9Lebzi7HUGtDNX_NKFcLaIFFf3LEY_CTlwBag==
effyqzrr
widget.intercom.io/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/effyqzrr
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-35.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4db8bad745d64456e12da8aa7f2f3f4ebac31b9da6b6100e2905924b3021c852

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
TgB_z7Xo7XsGRhlOyP_VCP6AXqPLhnqz
content-encoding
gzip
via
1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)
date
Mon, 26 Feb 2024 10:19:44 GMT
x-amz-cf-pop
FRA2-C1
age
205
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2705
last-modified
Fri, 23 Feb 2024 16:22:23 GMT
server
AmazonS3
etag
"042d956fe57d4d17ccb31c52996485c5"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
ghNiiZ-MWznlP91TIrvxaSM0a9_Fnaw8GAx7M_gjfB4brMUIdqzv9A==
v1
api.production.eu-west-1.perkbox.services/graphql/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-27.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
apollographql-client-name,apollographql-client-version,content-type
Access-Control-Request-Method
POST
Origin
https://starlingbank.perkbox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Correlation-UUID,X-Platform-UUID,X-User-UUID,X-Tenant-UUID,Content-Type,Authorization,If-Match,apollographql-client-version,apollographql-client-name,x-pb-channel,x-pb-show-premium-wellness,x-pb-features
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
access-control-max-age
1728000
cache-control
max-age=300,public
date
Mon, 26 Feb 2024 10:23:08 GMT
via
1.1 129b4a1f09d5313624ec15fced944d6e.cloudfront.net (CloudFront)
x-amz-apigw-id
TvT1-HKfDoEEj8w=
x-amz-cf-id
1DpzX2ty-xtJGu5v5nyi8tjOsCxSNa8p9SeKTuZhReoQZwUk0gM_tQ==
x-amz-cf-pop
MUC50-P3
x-amzn-requestid
a9fb4a73-a62b-400c-9e72-9dbafb61b799
x-cache
Miss from cloudfront
platform.json
cdn.perkbox.com/locale/web/en-gb/ 		83 KB
21 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/platform.json?dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
40417f37ccebc4b57746211f107e76ad83346548d9f94c0d7e7d4745bf899088
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
x-content-type-options
nosniff
date
Mon, 26 Feb 2024 10:23:09 GMT
content-encoding
gzip
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:19 GMT
server
AmazonS3
etag
W/"d3b57c8d924d601b53393f14ccf70454"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
OIb9vNynzJXsx5hpMn9cEQ5TmKiw0v1z1MRg_OL5oqO7XnmV3ofYng==
v1
api.production.eu-west-1.perkbox.services/graphql/ 		126 B
801 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-27.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
6ae913c52cb68ebb3b088c29ecd2a05afea5f43e9d547ffc695ed5fae15aa9e4

Request headers

Accept
application/json, text/plain, */*
apollographql-client-name
web
Referer
https://starlingbank.perkbox.com/
apollographql-client-version
1.0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Feb 2024 10:23:08 GMT
via
1.1 129b4a1f09d5313624ec15fced944d6e.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
126
x-amz-cf-pop
MUC50-P3
x-amzn-requestid
8e330a11-433a-4212-9b2f-e1adc99795cc
x-amzn-remapped-connection
keep-alive
x-powered-by
Express
x-cache
Miss from cloudfront
x-amz-apigw-id
TvT2AEj4DoEEcoA=
content-length
126
pragma
no-cache
x-correlation-uuid
ab7f0f71b639ec57df5b1984b97bdfa0
etag
W/"7e-qTesIZimdUdb3YW8aWtD2OY5Qxo"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
cache-control
max-age=0,no-cache,no-store,must-revalidate
access-control-allow-credentials
true
x-amzn-remapped-date
Mon, 26 Feb 2024 10:23:08 GMT
x-amz-cf-id
H1t15IqjJogeoSLmYpvUgKmoehM3h9C3nIEaVYmnTVS3-xhtyCsA3A==
expires
-1
WorkSans-Medium.woff2
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/WorkSans/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/WorkSans/WorkSans-Medium.woff2
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05767a03c3f73ebd335b167630feb53617581c5489f9e7c46a7ed4ff374f2e6f
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/global.css
Origin
https://starlingbank.perkbox.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 13:22:03 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
248466
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
18820
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:13 GMT
server
AmazonS3
etag
"30853c52ed840fcce98b892b6af2f790"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=2592000,public
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
uCs74r1V353DLUcNOY5j5I0PMmBtg7REE4SOz14YmBeMxTsr_iSwEA==
WorkSans-Bold.woff2
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/WorkSans/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/WorkSans/WorkSans-Bold.woff2
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ec04cae0d225b48861b4763dcfe8a3be504dfcf78e2336eefc8fc0bd99760ef8
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/global.css
Origin
https://starlingbank.perkbox.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 13:22:03 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
248466
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
18784
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:13 GMT
server
AmazonS3
etag
"3367f941f126098953b86681002b2d5c"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=2592000,public
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
hf1ZgWjtjtAK8ZWCxlgEt0EBH7c_bCZFr1VUOObXwmj6RfDznnzX1A==
frame-modern.35aa6c01.js
js.intercomcdn.com/ Frame 6488 		513 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.35aa6c01.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/effyqzrr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-63.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9c6faa2b63fc4d662d4e7e324ea21df87e1f078dab992417642bb0a1be1d8fbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
ijNOZJ4.fdt14Snha_uctQuK4ry4KDfT
content-encoding
gzip
via
1.1 ae3f020e2e89e632d339db198e9ba75a.cloudfront.net (CloudFront)
date
Mon, 26 Feb 2024 10:22:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-C1
age
42
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
145155
last-modified
Fri, 23 Feb 2024 16:20:14 GMT
server
AmazonS3
etag
"6c7dd0c63a1f7b8714cff9b5f7e1814f"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
_RLHtv3jGEfImJah_qyQifHdMn4yMlA_8FIlb-O3aBxrgylDyO7PjQ==
vendor-modern.944ec8f3.js
js.intercomcdn.com/ Frame 6488 		483 KB
148 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.944ec8f3.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/effyqzrr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-63.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c91d142cf8b9bee82ce20ce32f38dc2407df4bd8e3022375bc8a725d06b1b0be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
AlggMRlzpERLm7Xt.2FNTg5QChF8JkvU
content-encoding
gzip
via
1.1 ae3f020e2e89e632d339db198e9ba75a.cloudfront.net (CloudFront)
date
Mon, 26 Feb 2024 10:05:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-C1
age
1068
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
151036
last-modified
Fri, 23 Feb 2024 16:20:14 GMT
server
AmazonS3
etag
"38d271e486a8212858ab6c431e821a03"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
Eueb9UQb_1P_zSkWfHg1kzVmzA9jV9ZZ9g_lMTxaULg9JRFLBo2m3g==
get-credentials
starlingbank.perkbox.com/api/v1/ 		2 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/api/v1/get-credentials
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.247.141.92 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-141-92.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
csrf-token
lWxxBbFu-_jU08YrBg19EIWV03qMKmdqr-JI
Referer
https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 26 Feb 2024 10:23:08 GMT
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
Connection
keep-alive
Content-Length
2
x-xss-protection
0
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
v1
api.production.eu-west-1.perkbox.services/graphql/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-27.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
apollographql-client-name,apollographql-client-version,content-type,x-pb-channel,x-pb-features,x-pb-show-premium-wellness
Access-Control-Request-Method
POST
Origin
https://starlingbank.perkbox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Correlation-UUID,X-Platform-UUID,X-User-UUID,X-Tenant-UUID,Content-Type,Authorization,If-Match,apollographql-client-version,apollographql-client-name,x-pb-channel,x-pb-show-premium-wellness,x-pb-features
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
access-control-max-age
1728000
cache-control
max-age=300,public
date
Mon, 26 Feb 2024 10:23:08 GMT
via
1.1 129b4a1f09d5313624ec15fced944d6e.cloudfront.net (CloudFront)
x-amz-apigw-id
TvT2CG32DoEEkXA=
x-amz-cf-id
3jjVS2vLfarQnRpT8VD4X7dJucd4DQ41oLV_m_RJOr587ORRcR-Cqw==
x-amz-cf-pop
MUC50-P3
x-amzn-requestid
4b8e4a09-740f-498c-a13a-ed9b07b15f3b
x-cache
Miss from cloudfront
v1
api.production.eu-west-1.perkbox.services/graphql/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-27.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
95079e887274af4f16b802e8182ae561e26190c114f5eb6483b4c874d74be77e

Request headers

apollographql-client-name
web
x-pb-features
Merchandise,GroupCelebration
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json
Accept
*/*
Referer
https://starlingbank.perkbox.com/
apollographql-client-version
1.0
x-pb-channel
web
x-pb-show-premium-wellness
true

Response headers

date
Mon, 26 Feb 2024 10:23:08 GMT
content-encoding
gzip
via
1.1 129b4a1f09d5313624ec15fced944d6e.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
3483
x-amz-cf-pop
MUC50-P3
x-amzn-requestid
df8d9b2f-bb94-40d8-ad88-34d9938955b8
x-amzn-remapped-connection
keep-alive
x-powered-by
Express
x-cache
Miss from cloudfront
x-amz-apigw-id
TvT2EHm3joEEGRQ=
content-length
887
pragma
no-cache
x-correlation-uuid
6f4af53c6eb18f8c08690c1322433a89
etag
W/"d9b-IRDvzR6ZqzT3KPjrx9ehP0R6T8o"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
cache-control
max-age=0,no-cache,no-store,must-revalidate
access-control-allow-credentials
true
x-amzn-remapped-date
Mon, 26 Feb 2024 10:23:08 GMT
x-amz-cf-id
H0-T9J-FTrtU2l2f_sPsVjZhcnaIroSNZkx5BeEgdbG-XCkDdGHjnA==
expires
-1
ping
api-iam.intercom.io/messenger/web/ Frame 6488 		7 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.35aa6c01.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.226.31.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-31-64.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6815566f43c447e363d14477db871e5cd2ca5a355c754fffcf3068083ec3a922
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 26 Feb 2024 10:23:09 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-09bf3c29bd7e25d3f
status
200 OK
x-xss-protection
1; mode=block
x-request-id
0001l248s8bhhuuio26g
x-runtime
0.381339
server
nginx
etag
W/"6815566f43c447e363d14477db871e5c"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://starlingbank.perkbox.com
x-intercom-version
39deb9fd2bae3c7b09a0a917b51c7032a9b90e9a
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
vendors~sentry-modern.daf2fe74.js
js.intercomcdn.com/ Frame 6488 		357 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendors~sentry-modern.daf2fe74.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.35aa6c01.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-63.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d96f3fe40771e557b61ffedb11f9b74cbd6bb9607e1b73da587fe67b0ba16c03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
uu64IYHMY6M4yGX.uFT.k36dyEEJShdp
content-encoding
gzip
via
1.1 ae3f020e2e89e632d339db198e9ba75a.cloudfront.net (CloudFront)
date
Mon, 26 Feb 2024 09:29:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-C1
age
3231
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
108344
last-modified
Fri, 23 Feb 2024 16:20:15 GMT
server
AmazonS3
etag
"fa58496c6592477d632db7c4865055cb"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
INUBUs1Iv2edf-Nj0dBca99gCIN_tnyrLvCiODKuCIa-czISKpEXfQ==
sentry-modern.fe45407a.js
js.intercomcdn.com/ Frame 6488 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/sentry-modern.fe45407a.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.35aa6c01.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-63.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
589d4eaa0ae05169eee731f064d7a1af8812822ae9297ffeca4a04c01b4f75fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
lzxr3eXOr6_4U2xrqVh_yL7VAAHSXk..
content-encoding
gzip
via
1.1 ae3f020e2e89e632d339db198e9ba75a.cloudfront.net (CloudFront)
date
Mon, 26 Feb 2024 10:22:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-C1
age
28
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1435
last-modified
Fri, 23 Feb 2024 16:20:14 GMT
server
AmazonS3
etag
"988bf3670d78c5b15baa020505f0697b"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
HHYGlnNjb1vqNYzVX9mXf54vvtc3vRUMkCHsV3hqH7_jziSw5X86zA==
ping
api-iam.intercom.io/messenger/web/ Frame 6488 		7 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.35aa6c01.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.226.31.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-31-64.compute-1.amazonaws.com
Software
nginx /
Resource Hash
9cbf11065e3b76f7a9479bc05a76446fee889b65a527f84704fc76e525b8bc1a
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 26 Feb 2024 10:23:09 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-09bf3c29bd7e25d3f
status
200 OK
x-xss-protection
1; mode=block
x-request-id
002nkq18tos91ekmi200
x-runtime
0.437660
server
nginx
etag
W/"9cbf11065e3b76f7a9479bc05a76446f"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://starlingbank.perkbox.com
x-intercom-version
39deb9fd2bae3c7b09a0a917b51c7032a9b90e9a
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
recognition.json
cdn.perkbox.com/locale/web/en-gb/ 		47 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/recognition.json?dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6b64aa3afaff34a5b005f336fe282bc9a0fc405bba3c55f7bd04dd94a8718755
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
x-content-type-options
nosniff
date
Mon, 26 Feb 2024 10:23:10 GMT
content-encoding
gzip
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:19 GMT
server
AmazonS3
etag
W/"ff3459c24401121169cdba26b2062d74"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
1FN-6oE88svoKfmLbNXOKe6g2nRZsAJwftpzgACNDXSBUUpcLOXAyQ==
reward.json
cdn.perkbox.com/locale/web/en-gb/ 		9 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/locale/web/en-gb/reward.json?dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d553ea593b0dd8e9bd9b84e86fe90c1feab6c6959a96c24789db0546bf30552c
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
x-content-type-options
nosniff
date
Mon, 26 Feb 2024 10:23:10 GMT
content-encoding
gzip
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:19 GMT
server
AmazonS3
etag
W/"c696838aa6142067b832b4a58a2e7728"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
application/json
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=1800,public
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
GqPp1QOAyg8pU9yL0UrP4JdJXb9LPYCqXMm5fEwvzZ3QNrqzbfz7eA==
logo-alt.49191f56.svg
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/ 		4 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/logo-alt.49191f56.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b20df95f1a83966ea01c95de54de9ff7cbb75c227e7e4d34bd1c350fba70cedc
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251652
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:16 GMT
server
AmazonS3
etag
W/"49191f56ca76a8d9f4d4c785dab7d81e"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000,public
x-amz-cf-id
aTOWE_Z1xiXlTQ-22n18dX4Jz1RH4Oa5WFgem8qisYYE_nIU0xvzyA==
a2c2fa5e-7083-49b3-8d81-0f51cc9c56d8.png
res.cloudinary.com/perkbox/image/upload/v1602065830/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/perkbox/image/upload/v1602065830/a2c2fa5e-7083-49b3-8d81-0f51cc9c56d8.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a741 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4dfd972169ceb7f976aced1d3bf394b327ffc46b6153eeea58c0b0efddfea828
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 10:23:09 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
cld-cloudflare;dur=14;start=2024-02-26T10:23:09.411Z;desc=hit,rtt;dur=26
content-length
4538
last-modified
Wed, 07 Oct 2020 10:17:12 GMT
server
cloudflare
etag
"3f8dce2fd492fb47d1c5ab66faf6ee90"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
85b77893c88c6352-LHR
timing-allow-origin
*
set-credentials
starlingbank.perkbox.com/api/v1/ 		2 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/api/v1/set-credentials
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.247.141.92 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-141-92.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
csrf-token
lWxxBbFu-_jU08YrBg19EIWV03qMKmdqr-JI
Referer
https://starlingbank.perkbox.com/recognition/polls/group-celebration/2b7867ab-737e-475d-aeb3-cab187c06adc?lid=dy9hv0x3vzok
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 26 Feb 2024 10:23:09 GMT
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
Connection
keep-alive
Content-Length
2
x-xss-protection
0
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W53DNG4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 26 Feb 2024 09:32:03 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
3066
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 26 Feb 2024 11:32:03 GMT
set-credentials
starlingbank.perkbox.com/api/v1/ 		2 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/api/v1/set-credentials
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.247.141.92 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-141-92.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
csrf-token
lWxxBbFu-_jU08YrBg19EIWV03qMKmdqr-JI
Referer
https://starlingbank.perkbox.com/welcome/login
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 26 Feb 2024 10:23:09 GMT
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
Connection
keep-alive
Content-Length
2
x-xss-protection
0
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
ping
api-iam.intercom.io/messenger/web/ Frame 6488 		7 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/vendors~sentry-modern.daf2fe74.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.226.31.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-31-64.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6fd1d2df835d889321c039f68d1732498a7c262e05a41efd465c70a9d9f731b5
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 26 Feb 2024 10:23:09 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-09bf3c29bd7e25d3f
status
200 OK
x-xss-protection
1; mode=block
x-request-id
0000pi9cpl2l5b3ehl80
x-runtime
0.402719
server
nginx
etag
W/"6fd1d2df835d889321c039f68d173249"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://starlingbank.perkbox.com
x-intercom-version
39deb9fd2bae3c7b09a0a917b51c7032a9b90e9a
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
ping
api-iam.intercom.io/messenger/web/ Frame 6488 		7 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/vendors~sentry-modern.daf2fe74.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.226.31.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-31-64.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f9ac40b9a5e050e6f35ba53611d7f4c1ea73410394c9d01cdfb8d3a42bb6c14f
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 26 Feb 2024 10:23:09 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-09bf3c29bd7e25d3f
status
200 OK
x-xss-protection
1; mode=block
x-request-id
00019k6oobhnpo0ttecg
x-runtime
0.374682
server
nginx
etag
W/"f9ac40b9a5e050e6f35ba53611d7f4c1"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://starlingbank.perkbox.com
x-intercom-version
39deb9fd2bae3c7b09a0a917b51c7032a9b90e9a
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
session-data
starlingbank.perkbox.com/api/v1/ 		0
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/api/v1/session-data
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.247.141.92 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-141-92.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/welcome/login
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Mon, 26 Feb 2024 10:23:09 GMT
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
surrogate-control
no-store
Transfer-Encoding
chunked
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
Connection
keep-alive
x-xss-protection
0
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
cross-origin-opener-policy
same-origin-allow-popups
x-download-options
noopen
x-frame-options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
session-data
starlingbank.perkbox.com/api/v1/ 		2 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/api/v1/session-data
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.247.141.92 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-141-92.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
csrf-token
lWxxBbFu-_jU08YrBg19EIWV03qMKmdqr-JI
Referer
https://starlingbank.perkbox.com/welcome/login
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 26 Feb 2024 10:23:09 GMT
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
Connection
keep-alive
Content-Length
2
x-xss-protection
0
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
collect
www.google-analytics.com/j/ 		16 B
228 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=56742450&t=pageview&_s=1&dl=https%3A%2F%2Fstarlingbank.perkbox.com%2Fwelcome%2Flogin&ul=en-us&de=UTF-8&dt=Perkbox%20%7C%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1592060598&gjid=491186049&cid=473680822.1708942989&tid=UA-109494921-1&_gid=105297704.1708942989&_r=1&_slc=1&gtm=45He42l0n81W53DNG4za220&gcd=13l3l3l3l1&dma=0&z=255152265
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
42425549688f490d14c82728dd81f2c735d3292db3918726ac84290b4ddc6047
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://starlingbank.perkbox.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 10:23:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://starlingbank.perkbox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
profile.b702b6e0.svg
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/profile.b702b6e0.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9d86d5a5888d8f1ec363deed6ab81d4065c036d6b2b81cbcee999ea4816a72da
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:30:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251554
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:16 GMT
server
AmazonS3
etag
W/"b702b6e051d268ae05f02fbb9e21cda6"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000,public
x-amz-cf-id
tI6ORJBzbCbXXsLZST6ChEE1EEsUeBvn3WjICDWh8Pk5tYKzlWNKeQ==
v1
api.production.eu-west-1.perkbox.services/graphql/ 		71 B
749 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-27.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
4e1a056f7bae25878b6b272a2af0a58c43cccb2296621f29851dcb26e1c8b1ed

Request headers

apollographql-client-name
web
x-pb-features
Merchandise,GroupCelebration
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json
Accept
*/*
Referer
https://starlingbank.perkbox.com/
apollographql-client-version
1.0
x-pb-channel
web
x-pb-show-premium-wellness
true

Response headers

date
Mon, 26 Feb 2024 10:23:09 GMT
via
1.1 129b4a1f09d5313624ec15fced944d6e.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
71
x-amz-cf-pop
MUC50-P3
x-amzn-requestid
eadaea3b-acf7-423c-bfc0-6fb073f5835b
x-amzn-remapped-connection
keep-alive
x-powered-by
Express
x-cache
Miss from cloudfront
x-amz-apigw-id
TvT2MG5dDoEEjFA=
content-length
71
pragma
no-cache
x-correlation-uuid
6e3571ce73dda390b54c69514ec20b10
etag
W/"47-Mz+TvQUF6w2TloyTid5JWHVHeX8"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
cache-control
max-age=0,no-cache,no-store,must-revalidate
access-control-allow-credentials
true
x-amzn-remapped-date
Mon, 26 Feb 2024 10:23:09 GMT
x-amz-cf-id
uGGAzRauai3yywL5hbJbHPyEyXSpwbFu47Htv_buSjtyk8KyqNbz_A==
expires
-1
v1
api.production.eu-west-1.perkbox.services/graphql/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.production.eu-west-1.perkbox.services/graphql/v1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-27.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
apollographql-client-name,apollographql-client-version,content-type,x-pb-channel,x-pb-features,x-pb-show-premium-wellness
Access-Control-Request-Method
POST
Origin
https://starlingbank.perkbox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Correlation-UUID,X-Platform-UUID,X-User-UUID,X-Tenant-UUID,Content-Type,Authorization,If-Match,apollographql-client-version,apollographql-client-name,x-pb-channel,x-pb-show-premium-wellness,x-pb-features
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
access-control-allow-origin
*
access-control-expose-headers
ETag,X-Correlation-UUID,x-amzn-requestid
access-control-max-age
1728000
cache-control
max-age=300,public
date
Mon, 26 Feb 2024 10:23:09 GMT
via
1.1 129b4a1f09d5313624ec15fced944d6e.cloudfront.net (CloudFront)
x-amz-apigw-id
TvT2LH-JDoEEWoA=
x-amz-cf-id
AehFQNzl6meIM47meeav9iP5MYfO_UfJNKnYplkIrZWML6ZHlX6EpQ==
x-amz-cf-pop
MUC50-P3
x-amzn-requestid
492bec32-6df8-40f7-bee2-b21c48851aa8
x-cache
Miss from cloudfront
logo-alt.49191f56.svg
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/ 		4 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/logo-alt.49191f56.svg
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b20df95f1a83966ea01c95de54de9ff7cbb75c227e7e4d34bd1c350fba70cedc
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:28:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251652
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:16 GMT
server
AmazonS3
etag
W/"49191f56ca76a8d9f4d4c785dab7d81e"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000,public
x-amz-cf-id
8SFm192X2eW0ZBsfeuzIf0NgdlIiSP3--8J4N78YaxVPbLk3uPIAMg==
a2c2fa5e-7083-49b3-8d81-0f51cc9c56d8.png
res.cloudinary.com/perkbox/image/upload/v1602065830/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/perkbox/image/upload/v1602065830/a2c2fa5e-7083-49b3-8d81-0f51cc9c56d8.png
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a741 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4dfd972169ceb7f976aced1d3bf394b327ffc46b6153eeea58c0b0efddfea828
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 10:23:09 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
server-timing
cld-cloudflare;dur=14;start=2024-02-26T10:23:09.601Z;desc=hit,rtt;dur=28
content-length
4538
last-modified
Wed, 07 Oct 2020 10:17:12 GMT
server
cloudflare
etag
"3f8dce2fd492fb47d1c5ab66faf6ee90"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
85b77894fab36352-LHR
timing-allow-origin
*
session-data
starlingbank.perkbox.com/api/v1/ 		2 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/api/v1/session-data
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.247.141.92 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-141-92.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://starlingbank.perkbox.com/welcome/login
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Mon, 26 Feb 2024 10:23:09 GMT
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
Connection
keep-alive
Content-Length
2
x-xss-protection
0
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
collect
stats.g.doubleclick.net/j/ 		7 B
358 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-109494921-1&cid=473680822.1708942989&jid=1592060598&gjid=491186049&_gid=105297704.1708942989&_u=YEBAAEAAAAAAACAAI~&z=811877095
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://starlingbank.perkbox.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 26 Feb 2024 10:23:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://starlingbank.perkbox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		235 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-B1J5QSRL9R&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
70b1a721200a64812000694c3b3265cd2adbb31fe43f2c608f92eaff9afb39ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 10:23:09 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85076
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 26 Feb 2024 10:23:09 GMT
session-data
starlingbank.perkbox.com/api/v1/ 		46 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://starlingbank.perkbox.com/api/v1/session-data
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.247.141.92 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-141-92.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
3b6afec21dd91bad45e9f6358729c16fec0517fe791a1c35de9ab86e38539f86
Security Headers
Name Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
csrf-token
lWxxBbFu-_jU08YrBg19EIWV03qMKmdqr-JI
Referer
https://starlingbank.perkbox.com/welcome/login
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 26 Feb 2024 10:23:09 GMT
content-security-policy
script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
Connection
keep-alive
Content-Length
46
x-xss-protection
0
pragma
no-cache
referrer-policy
origin,origin-when-cross-origin,strict-origin-when-cross-origin
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2e-80WnC+xlRXUhdhJBPuS0jM6TfNc"
x-download-options
noopen
x-frame-options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
profile.b702b6e0.svg
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/profile.b702b6e0.svg
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9d86d5a5888d8f1ec363deed6ab81d4065c036d6b2b81cbcee999ea4816a72da
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:30:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251554
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:16 GMT
server
AmazonS3
etag
W/"b702b6e051d268ae05f02fbb9e21cda6"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000,public
x-amz-cf-id
wnUbopNpdEN29U9rMZnqpPYLYJZCRhuOgvFa2MfgStjZ84QsFFqQWQ==
collect
region1.analytics.google.com/g/ 		0
260 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-B1J5QSRL9R&gtm=45je42l0v9164372102za220&_p=1708942987437&_gaz=1&gcd=13l3l3l3l2&npa=0&dma=0&ul=en-us&sr=1600x1200&cid=473680822.1708942989&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fstarlingbank.perkbox.com%2Fwelcome%2Flogin&dt=Perkbox%20%7C%20Login&sid=1708942989&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3517
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1J5QSRL9R&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 10:23:09 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://starlingbank.perkbox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
56 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-B1J5QSRL9R&cid=473680822.1708942989&gtm=45je42l0v9164372102za220&aip=1&dma=0&gcd=13l3l3l3l2&npa=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1J5QSRL9R&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 10:23:09 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://starlingbank.perkbox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.uk/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B1J5QSRL9R&cid=473680822.1708942989&gtm=45je42l0v9164372102za220&aip=1&dma=0&gcd=13l3l3l3l2&npa=0&z=1159941110
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 10:23:09 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-109494921-1&cid=473680822.1708942989&jid=1592060598&_u=YEBAAEAAAAAAACAAI~&z=2095446691
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 10:23:09 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.uk/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-109494921-1&cid=473680822.1708942989&jid=1592060598&_u=YEBAAEAAAAAAACAAI~&z=2095446691
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 10:23:09 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
profile.b702b6e0.svg
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/media/profile.b702b6e0.svg
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/static/js/main.6bd3559b.js?2a146608b8094b81fb76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9d86d5a5888d8f1ec363deed6ab81d4065c036d6b2b81cbcee999ea4816a72da
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://starlingbank.perkbox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 12:30:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
content-encoding
gzip
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
251554
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:16 GMT
server
AmazonS3
etag
W/"b702b6e051d268ae05f02fbb9e21cda6"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000,public
x-amz-cf-id
ItUIG5flPC62o5_k6LF85J_rnG0YcMAjamwbUsrTt363FjyzcRp14g==
WorkSans-SemiBold.woff2
cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/WorkSans/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/fonts/WorkSans/WorkSans-SemiBold.woff2
Requested by
Host: cdn.perkbox.com
URL: https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-30.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b5595a0f4045f98ff785b89e3f12ad747b441a0622a41710cdf42163f35d325e
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.perkbox.com/dcc4c5a94d15978ff931d9ac7d4ce8b52fd2802f/global.css
Origin
https://starlingbank.perkbox.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 13:22:03 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'self' *.marketo.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.amplitude.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.marketo.com *.googleapis.com; img-src * data:
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
248467
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
18848
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Feb 2024 12:19:13 GMT
server
AmazonS3
etag
"9942d3192d5c8728bf813d0884347bb4"
access-control-max-age
3000
access-control-allow-methods
GET, PUT, POST, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://starlingbank.perkbox.com
access-control-expose-headers
ETag
cache-control
max-age=2592000,public
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
981suy5LFXyGOHr17wSaC47xshe0C6X7vRVesvqu8G-EzEH_24bJHA==

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| CanvasImage function| ColorThief object| pv object| MMCQ object| webpackJsonp object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| _ function| Intercom function| hireMe function| coview object| dataLayer object| default_gsi object| _F_toggles object| google object| closure_lm_482348 object| __localeData__ boolean| VimeoPlayerResizeEmbeds_ function| postscribe object| google_tag_manager_external object| google_tag_manager object| google_tag_data function| __intercomAssignLocation function| __intercomReloadLocation string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData

10 Cookies

Domain/Path Name / Value
starlingbank.perkbox.com/ Name: _csrf
Value: V5CNpEB7wpNoF3-zSZHTphnp
starlingbank.perkbox.com/ Name: sid
Value: s%3Ak21v5dWXHHyx5orHoytmTDW2VgtwYjmF.rLkuFnrJ8%2BffMiPPlFmUf8QHW79O4eUPi8lsbkF7Czg
.perkbox.com/ Name: mp_db23a499d137c41fe1659f21e2b6cadf_mixpanel
Value: %7B%22distinct_id%22%3A%20%2218de4f090aafcc-05bb3e8b17650e-1931337b-1d4c00-18de4f090ab141a%22%2C%22%24device_id%22%3A%20%2218de4f090aafcc-05bb3e8b17650e-1931337b-1d4c00-18de4f090ab141a%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
.perkbox.com/ Name: _ga
Value: GA1.2.473680822.1708942989
.perkbox.com/ Name: _gid
Value: GA1.2.105297704.1708942989
.perkbox.com/ Name: _gat_UA-109494921-1
Value: 1
.perkbox.com/ Name: _ga_B1J5QSRL9R
Value: GS1.2.1708942989.1.0.1708942989.60.0.0
.perkbox.com/ Name: intercom-id-effyqzrr
Value: 21533739-29d9-4d51-ae04-ba70a3510bc2
.perkbox.com/ Name: intercom-session-effyqzrr
Value:
.perkbox.com/ Name: intercom-device-id-effyqzrr
Value: 99145838-f099-4242-937e-8a888f98cd95

1 Console Messages

Source Level URL
Text
network error URL: https://i.ibb.co/THm67QG/logo-small.png
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.mxpnl.com *.mixpanel.com *.chilipiper.com *.coview.com *.stripe.com *.fidel.uk *.asknice.ly *.vimeo.com *.adyen.com accounts.google.com *.paypal.com teams.microsoft.com;style-src 'self' 'unsafe-inline' cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com *.marketo.com app.phrase.com phraseapp.com phrase.com *.chilipiper.com *.coview.com *.googleapis.com *.typekit.net *.stripe.com *.fidel.uk *.fontawesome.com accounts.google.com;img-src * data: cdn.perkbox.dev cdn.perkbox.net cdn.perkbox.com;connect-src *;frame-src self * *.google.com *.adyen.com *.vimeo.com cdn.perkbox.com cdn.perkbox.net;media-src cdn.perkbox.net cdn.perkbox.com js.intercomcdn.com;form-action self * *.perkbox.dev *.perkbox.net *.perkbox.com *.localhost:* intercom.help *.intercom.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ablink.news.perkbox.com
accounts.google.com
api-iam.intercom.io
api.production.eu-west-1.perkbox.services
app.coview.com
cdn.coview.com
cdn.perkbox.com
i.ibb.co
image.ibb.co
js.intercomcdn.com
region1.analytics.google.com
res.cloudinary.com
starlingbank.perkbox.com
stats.g.doubleclick.net
widget.intercom.io
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagmanager.com
13.224.189.30
13.224.189.35
130.211.16.248
162.19.58.159
18.173.154.27
2001:4860:4802:34::36
2600:9000:237d:1000:18:1a83:4080:93a1
2606:4700::6813:a741
2a00:1450:4001:806::200e
2a00:1450:4001:812::2008
2a00:1450:4001:82f::2004
2a00:1450:4001:831::2003
2a00:1450:400c:c04::54
2a00:1450:400c:c0b::9d
3.226.31.64
54.247.141.92
99.84.88.63
05767a03c3f73ebd335b167630feb53617581c5489f9e7c46a7ed4ff374f2e6f
19428d4aa1287f92139d413c09d502f8de55cb21f69866e244019ea7817ecbb3
2dfecf4fb60a39c04a8ffacdc74565de2d75c1fd7cbe0c3501070bec82b78506
2e6992699efb87895cae41af6253b8cb9892c37330980200fc0b146c38180a91
3b6afec21dd91bad45e9f6358729c16fec0517fe791a1c35de9ab86e38539f86
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3c46b18a1ccba221be436881e1649ef1bfd1e656184fcd535e84bc77c77e8e5d
40417f37ccebc4b57746211f107e76ad83346548d9f94c0d7e7d4745bf899088
42425549688f490d14c82728dd81f2c735d3292db3918726ac84290b4ddc6047
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4748e68c5c9f2b769a0872355d5603955d5875fc2741648c14673008140a848e
4db8bad745d64456e12da8aa7f2f3f4ebac31b9da6b6100e2905924b3021c852
4dfd972169ceb7f976aced1d3bf394b327ffc46b6153eeea58c0b0efddfea828
4e1a056f7bae25878b6b272a2af0a58c43cccb2296621f29851dcb26e1c8b1ed
589d4eaa0ae05169eee731f064d7a1af8812822ae9297ffeca4a04c01b4f75fd
5d18e4090e57aeacda3809c31fcbd9fac6fab34757fcfe972e20226647dcfa06
63e3696c5e5e8b037e28e8fbef871184b0d1d60a7314c965b1426d9cce84dd69
66d091e2a70ebdabd687589f8c3a8050ea45de468ec440b865d10fc198f3a2a8
6815566f43c447e363d14477db871e5cd2ca5a355c754fffcf3068083ec3a922
6ae913c52cb68ebb3b088c29ecd2a05afea5f43e9d547ffc695ed5fae15aa9e4
6b64aa3afaff34a5b005f336fe282bc9a0fc405bba3c55f7bd04dd94a8718755
6fd1d2df835d889321c039f68d1732498a7c262e05a41efd465c70a9d9f731b5
70b1a721200a64812000694c3b3265cd2adbb31fe43f2c608f92eaff9afb39ba
7ea7ff190fb07bd2e1384d6c44c8d0ca50569ca40d77feff7fc136da998351eb
95079e887274af4f16b802e8182ae561e26190c114f5eb6483b4c874d74be77e
9740b5fb1e3e15f6cac1a952dde1148b4030526b18fed482ba253f9f92024305
9c6faa2b63fc4d662d4e7e324ea21df87e1f078dab992417642bb0a1be1d8fbc
9cbf11065e3b76f7a9479bc05a76446fee889b65a527f84704fc76e525b8bc1a
9d86d5a5888d8f1ec363deed6ab81d4065c036d6b2b81cbcee999ea4816a72da
a22afd0fcabd4edfe3cacba60bea89eb10b2b904f670ff1309eae071c6130e92
a710ca056816b88c87eaad04d958126a7514f5878d09ad40b62fc41f373cf37e
af62450dbeb9a0987dba354d14aa26adbe836e7561f9ce6f9876f0c27415bbc2
b20df95f1a83966ea01c95de54de9ff7cbb75c227e7e4d34bd1c350fba70cedc
b4463a2b761974d007b467ab58a61003b522ba94c821b4345d45d20992b55d07
b5595a0f4045f98ff785b89e3f12ad747b441a0622a41710cdf42163f35d325e
be6ba9fa51d28d2555eaab7137a39e7bc5ea945acdf55f2c2c70ec96e8f044cc
c46c191638c5c43b78ebb5c9b0d1adfa655eb862c2afb6d94b34b68d5f661861
c91d142cf8b9bee82ce20ce32f38dc2407df4bd8e3022375bc8a725d06b1b0be
c937c4e8d97c6c6f81863e391c797a5c51ec160702a1fcd75983c3eb595295d4
cbe0fdb86f92359551dfd3817891f92c8113e1e5617b204433a59e6b0f8c0b41
d189a49b9758133fe7e6e82a301d5274be027f4c43d9dc7cae964c7ace022e64
d553ea593b0dd8e9bd9b84e86fe90c1feab6c6959a96c24789db0546bf30552c
d96f3fe40771e557b61ffedb11f9b74cbd6bb9607e1b73da587fe67b0ba16c03
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec04cae0d225b48861b4763dcfe8a3be504dfcf78e2336eefc8fc0bd99760ef8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f9ac40b9a5e050e6f35ba53611d7f4c1ea73410394c9d01cdfb8d3a42bb6c14f
ff49178a2482d3fcde7d5acfa2c3246111434ce4707b15d867d1072760ab5ea2