Submitted URL: https://myaccount.wellbeingchallenge.uk/
Effective URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Submission: On November 17 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 16 IPs in 2 countries across 14 domains to perform 40 HTTP transactions. The main IP is 3.224.218.170, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is myaccount.wellbeingchallenge.uk.
TLS certificate: Issued by R3 on November 17th 2021. Valid for: 3 months.
This is the only time myaccount.wellbeingchallenge.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
7 prod.pathwrightcdn.com myaccount.wellbeingchallenge.uk
prod.pathwrightcdn.com
4 gql.pathwright.com prod.pathwrightcdn.com
4 pathwright.imgix.net myaccount.wellbeingchallenge.uk
4 myaccount.wellbeingchallenge.uk 3 redirects
3 q.stripe.com myaccount.wellbeingchallenge.uk
3 o99.ingest.sentry.io prod.pathwrightcdn.com
3 www.gstatic.com myaccount.wellbeingchallenge.uk
3 js.stripe.com myaccount.wellbeingchallenge.uk
js.stripe.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 connect.facebook.net prod.pathwrightcdn.com
2 app.coview.com cdn.coview.com
1 m.stripe.com m.stripe.network
1 cdn.coview.com myaccount.wellbeingchallenge.uk
1 fonts.googleapis.com prod.pathwrightcdn.com
1 cdn.polyfill.io myaccount.wellbeingchallenge.uk
1 cdnjs.cloudflare.com myaccount.wellbeingchallenge.uk
1 maxcdn.bootstrapcdn.com myaccount.wellbeingchallenge.uk
40 17

This site contains no links.

Subject Issuer Validity Valid
myaccount.wellbeingchallenge.uk
R3
2021-11-17 -
2022-02-15
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-03-01 -
2022-02-28
a year crt.sh
*.imgix.com
GlobalSign Atlas R3 DV TLS CA 2020
2021-05-10 -
2022-06-11
a year crt.sh
polyfill.io
GlobalSign Atlas R3 DV TLS CA 2020
2021-06-04 -
2022-07-06
a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2021-10-21 -
2022-02-02
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-10-18 -
2022-01-10
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2021-10-18 -
2022-01-10
3 months crt.sh
*.coview.com
Starfield Secure Certificate Authority - G2
2020-01-23 -
2022-03-24
2 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-08-27 -
2021-11-25
3 months crt.sh
*.pathwright.com
Amazon
2021-09-16 -
2022-10-15
a year crt.sh
*.ingest.sentry.io
R3
2021-10-24 -
2022-01-22
3 months crt.sh
*.stripe.com
DigiCert SHA2 Secure Server CA
2021-09-08 -
2022-09-07
a year crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1
2021-10-20 -
2022-02-02
3 months crt.sh

This page contains 4 frames:

Primary Page: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Frame ID: 178EB1BF837875CC2CF568610BD696D9
Requests: 28 HTTP requests in this frame

Frame: https://app.coview.com/api/client-info/launcher
Frame ID: 9086199B70FB049BC9343574403FDE92
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Frame ID: F7AEF2C771E5DAFEF50729F2B14D7C5D
Requests: 3 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 807982F62A56698FC2B11D0C5E082E8A
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Workplace Wellbeing Challenge

Page URL History Show full URLs

  1. https://myaccount.wellbeingchallenge.uk/ HTTP 302
    https://myaccount.wellbeingchallenge.uk/school/dashboard/ HTTP 302
    https://myaccount.wellbeingchallenge.uk/dashboard/ HTTP 302
    https://myaccount.wellbeingchallenge.uk/auth/sign-in/ Page URL

Page Statistics

40
Requests

100 %
HTTPS

63 %
IPv6

14
Domains

17
Subdomains

16
IPs

2
Countries

2200 kB
Transfer

7188 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://myaccount.wellbeingchallenge.uk/ HTTP 302
    https://myaccount.wellbeingchallenge.uk/school/dashboard/ HTTP 302
    https://myaccount.wellbeingchallenge.uk/dashboard/ HTTP 302
    https://myaccount.wellbeingchallenge.uk/auth/sign-in/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

40 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
myaccount.wellbeingchallenge.uk/auth/sign-in/
Redirect Chain
  • https://myaccount.wellbeingchallenge.uk/
  • https://myaccount.wellbeingchallenge.uk/school/dashboard/
  • https://myaccount.wellbeingchallenge.uk/dashboard/
  • https://myaccount.wellbeingchallenge.uk/auth/sign-in/
22 KB
22 KB
Document
General
Full URL
https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.224.218.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-218-170.compute-1.amazonaws.com
Software
/
Resource Hash
65a204a507aa526fa141c49b8f50ec7b8ee863de9f3f370e805ee90625f13a94
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
content-type
text/html; charset=utf-8
content-length
22566
etag
"d2d7d07344704e7660917f84957772e0"
vary
Accept-Language, Cookie
content-language
en-us
access-control-allow-origin
myaccount.wellbeingchallenge.uk
access-control-allow-credentials
true
strict-transport-security
max-age=15724800; includeSubDomains

Redirect headers

date
Wed, 17 Nov 2021 20:21:46 GMT
content-type
text/html; charset=utf-8
content-length
0
location
/auth/sign-in/
vary
Accept-Language, Cookie
content-language
en-us
access-control-allow-origin
myaccount.wellbeingchallenge.uk
access-control-allow-credentials
true
strict-transport-security
max-age=15724800; includeSubDomains
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/
27 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
565, 617, 617
age
5680927
cdn-cachedat
2021-06-08 19:04:20
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
5be60cad80d1eecc9ac7a67f88ee3f89
cf-ray
6afbaad61a814339-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
katex.min.css
cdnjs.cloudflare.com/ajax/libs/KaTeX/0.9.0/
21 KB
3 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/KaTeX/0.9.0/katex.min.css
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b97347cba14ae763dbf374a6538e6654083b6040a6afd2f0c2ed733b3df58f97
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
5680579
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2526
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:00 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03cf0-548b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41WLe7CEf3gS3JmxUJZBYikWueEP7sMpHljuhSSWJ%2FCJGdnHxPnkOzfRYH%2FzHLSdfLYluoz8N5%2FrLJk7Na8iVKsISKnfBXOXP1U13SpXJIAZ2bvWAQkkPwv%2FcbqciQX4LZ2PuNJdt%2BDA4SDM61iJvfwg"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6afbaad61b884e1f-FRA
expires
Mon, 07 Nov 2022 20:21:46 GMT
21.1ace9ebd.chunk.css
prod.pathwrightcdn.com/static/css/
22 KB
6 KB
Stylesheet
General
Full URL
https://prod.pathwrightcdn.com/static/css/21.1ace9ebd.chunk.css
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bf3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c1cb724f9bdb180f9c3e23bb027b9a69b33cc1e0f6a4305e947fba7afb43d8e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7190
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
DPQ2WE49MBJQ37DN
x-amz-id-2
qKuu+f3hIhFDDXlih8Mq/BhOoib5pju/a0PAHXSO64Di9up+VXKgdNfkrzOLsTNkR82Rg5XJxss=
last-modified
Tue, 16 Nov 2021 16:12:56 GMT
server
cloudflare
etag
W/"4268416a0be3946b1d39014fcfe74685"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2s80IEkIvuZeRXKyUrolEJhOkT85L5lppuuXjcNHh9zv%2F4qsAhd6zTxxBGTLlUIEHqzQ0OkuDbO2fYQc4jXssKKiu9%2FePFX10irVcIiM0Vqvkgm%2F8OYpB0Q5gU2oOzVvKRttyeNXpodIcdTrtjp8n65JcSq4"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
6afbaad62e2a692b-FRA
main.93e86080.chunk.css
prod.pathwrightcdn.com/static/css/
174 KB
29 KB
Stylesheet
General
Full URL
https://prod.pathwrightcdn.com/static/css/main.93e86080.chunk.css
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bf3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1698547b32aa466fa9d60986377609f15d5d5d46323062bf72f499e85fb4c5be

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7190
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
DPQDEPYBNZ79PTYN
x-amz-id-2
oGaKwC0AoZK+wGaTOn55Bi5MIhjOIofVOpflFrkOePVtLym6WB1rz7XLUjpn0eRdpEMDjLbqMEI=
last-modified
Tue, 16 Nov 2021 16:12:57 GMT
server
cloudflare
etag
W/"56c6a82a29a4f647f564fc89cb3873e2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1awyFIIcb7%2BLc5TPGXPXzOvdwb4OdtV9E0N3j98a%2Fg9dklrZr3HHzgAjknEYwwbHhkcPVUZL3FmJJtSJn37iy8GPLza9nV60RZfHDB8QEDoulGPsxOAmBjuV0p5QmfFCnV%2Bb%2B%2BVr5yeH%2FC6pDzkt0Bpijvn5"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
6afbaad62e2e692b-FRA
https%3A%2F%2Fcdn.filestackcontent.com%2Fapi%2Ffile%2F5mKNNbZUQ1uCptAOO3xn%3Fsignature%3D888b9ea3eb997a4d59215bfbe2983c636df3c7da0ff8c6f85811ff74c8982e34%26policy%3DeyJjYWxsIjogWyJyZWFkIiwgInN0YXQi...
pathwright.imgix.net/
22 KB
22 KB
Image
General
Full URL
https://pathwright.imgix.net/https%3A%2F%2Fcdn.filestackcontent.com%2Fapi%2Ffile%2F5mKNNbZUQ1uCptAOO3xn%3Fsignature%3D888b9ea3eb997a4d59215bfbe2983c636df3c7da0ff8c6f85811ff74c8982e34%26policy%3DeyJjYWxsIjogWyJyZWFkIiwgInN0YXQiLCAiY29udmVydCJdLCAiZXhwaXJ5IjogNDYyMDM3NzAzMX0%253D?fit=crop&ixlib=python-1.1.0&w=500&s=fc6146cd9d0f9407095b79d672e5b8f4
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
imgix /
Resource Hash
2ab6b4421da5f85eb3cb0241388495b597db0b330622d905767d4b4139cbfc5f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
x-content-type-options
nosniff
last-modified
Tue, 16 Nov 2021 08:02:32 GMT
server
imgix
age
130754
x-cache
HIT, MISS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2678400
x-imgix-id
011af5065b40e9db5c86972cc577ca8fa46eac13
accept-ranges
bytes
content-length
22165
cross-origin-resource-policy
cross-origin
x-served-by
cache-sjc10074-SJC, cache-fra19168-FRA
polyfill.min.js
cdn.polyfill.io/v2/
222 B
619 B
Script
General
Full URL
https://cdn.polyfill.io/v2/polyfill.min.js
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
x-content-type-options
nosniff
content-type
text/javascript; charset=utf-8
age
3995195
detected-user-agent
Chrome Mobile/95.0.4638
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT, fastly;desc="Edge time";dur=1
content-length
126
referrer-policy
origin-when-cross-origin
last-modified
Fri, 01 Oct 2021 18:49:45 GMT
date
Wed, 17 Nov 2021 20:21:46 GMT
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
normalized-user-agent
chrome/95.0.0
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges
bytes
timing-allow-origin
*
/
js.stripe.com/v3/
266 KB
70 KB
Script
General
Full URL
https://js.stripe.com/v3/
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-110.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f9e914052d3540e1a3f59375d29954bab08025ae7387f2129a4a3ddcac6b3a8c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
51
x-cache
Hit from cloudfront
date
Wed, 17 Nov 2021 20:20:56 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c1.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 19:12:02 GMT
server
Cloudfront
etag
W/"d3dacdb2f8f865ecf35a7acd70e36ba5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
XaazfVrACgje2EgVLyGTCmsyQq9ylp-sQncL45cCDYXwOKH_-L3deg==
firebase-app.js
www.gstatic.com/firebasejs/7.15.5/
19 KB
7 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/7.15.5/firebase-app.js
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bedab15fd177a9715568682a8b3a04edd59939cafffa07dfd2e6e64b010f757c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 13:59:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
109314
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6604
x-xss-protection
0
last-modified
Thu, 25 Jun 2020 23:15:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="firebase-js"
expires
Wed, 16 Nov 2022 13:59:52 GMT
firebase-auth.js
www.gstatic.com/firebasejs/7.15.5/
169 KB
54 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/7.15.5/firebase-auth.js
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2a238e901cad1dc833d94fb90be3e08f6cadbafacaecf58fb231a40b3f74950
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 12 Nov 2021 05:06:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
486938
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55469
x-xss-protection
0
last-modified
Thu, 25 Jun 2020 23:15:29 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="firebase-js"
expires
Sat, 12 Nov 2022 05:06:08 GMT
firebase-database.js
www.gstatic.com/firebasejs/7.15.5/
183 KB
183 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/7.15.5/firebase-database.js
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c9df0620cb79f0bbb36be6c367813dcac9ca3bd2d9317459b02591deb41a80ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 12 Nov 2021 04:49:12 GMT
x-content-type-options
nosniff
age
487954
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
187119
x-xss-protection
0
last-modified
Thu, 25 Jun 2020 23:15:23 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="firebase-js"
expires
Sat, 12 Nov 2022 04:49:12 GMT
css
fonts.googleapis.com/
2 KB
970 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Kalam:400,700
Requested by
Host: prod.pathwrightcdn.com
URL: https://prod.pathwrightcdn.com/static/css/main.93e86080.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32ebb6d264142731a0524bc5d1c2108ac36796279a1451a93b77d6647e195d35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://prod.pathwrightcdn.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 17 Nov 2021 20:21:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 17 Nov 2021 20:21:46 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Nov 2021 20:21:46 GMT
21.5b6190ea.chunk.js
prod.pathwrightcdn.com/static/js/
3 MB
1000 KB
Script
General
Full URL
https://prod.pathwrightcdn.com/static/js/21.5b6190ea.chunk.js
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bf3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e20f7d2c7c5032cd8b9b0b03ed846d9e25dafe086676bbd4d70925f95d821ec2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7190
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
DPQDBJZS84F4B5FD
x-amz-id-2
+WLGR2or9W8ZdD8VC86WeFwzc2oyrcy9utgMhMOQAsXSxHJySOQJy/HkpfxBIuY5/44ukNhxfQA=
last-modified
Tue, 16 Nov 2021 16:12:57 GMT
server
cloudflare
etag
W/"f6a15e04771e439ae724af52e3e5d499"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3VwGYyCrpEqhqBUQOJ2pZuiW%2BENAVNOa%2FZ%2FIrIX%2BXkBNhcliKHL7n1H5sZiqj7IMg%2FC%2FAp0X8Ylx6YKyad9wBtOQ3L%2FEIRHc52xbX8ndcu9zrUSyjC8bw1U73L36pwAqwc5U%2FmQ%2BsQ0JJpX5MmtkpyBHAPX%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6afbaad68f07692b-FRA
main.a0eb348e.chunk.js
prod.pathwrightcdn.com/static/js/
2 MB
442 KB
Script
General
Full URL
https://prod.pathwrightcdn.com/static/js/main.a0eb348e.chunk.js
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bf3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9999eea03da1d9d825c3475a715e10f1e9139c598a4bdf3ecd39c978f59a64af

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7190
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
DPQBWX723C0ZTNHQ
x-amz-id-2
L8sSQpMeii37hJAptRWqS5Dl2XIqkYPtlCw62fc89Q8ckd06G5HAxEcOkui8v1lS/5NnaI0PEOw=
last-modified
Tue, 16 Nov 2021 16:13:00 GMT
server
cloudflare
etag
W/"ac9dd35a8fe0cec5f5af841773bf3d48"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lnGSMZvaV7ZXaR%2FvK2XGQ48n1ksOUrO7CTM2O5PzEgl9aCP%2Bfdly979n67HokMC1vSCaqp%2FyykePqkT7Qnq1HplTGMl5FE7l%2B5G6l5CGAhMer0RZ6Gx91HvOPiSjmscE2BhRZLh%2FB469FNVVjdgbMX3eePtv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6afbaad68f0d692b-FRA
https%3A%2F%2Fcdn.filestackcontent.com%2Fapi%2Ffile%2FxTs6aISMSQeM0WsFnx23%3Fsignature%3D888b9ea3eb997a4d59215bfbe2983c636df3c7da0ff8c6f85811ff74c8982e34%26policy%3DeyJjYWxsIjogWyJyZWFkIiwgInN0YXQi...
pathwright.imgix.net/
23 KB
23 KB
Image
General
Full URL
https://pathwright.imgix.net/https%3A%2F%2Fcdn.filestackcontent.com%2Fapi%2Ffile%2FxTs6aISMSQeM0WsFnx23%3Fsignature%3D888b9ea3eb997a4d59215bfbe2983c636df3c7da0ff8c6f85811ff74c8982e34%26policy%3DeyJjYWxsIjogWyJyZWFkIiwgInN0YXQiLCAiY29udmVydCJdLCAiZXhwaXJ5IjogNDYyMDM3NzAzMX0%253D?balph=40&blend=666666&blur=500&bm=screen&fit=max&fm=jpg&h=700&high=-80&ixlib=python-1.1.0&q=100&w=700&s=858e0bce6ed9d331a953c78b9dc8955d
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
imgix /
Resource Hash
50405ec575c1aa30532424fd9c21cd67fc4d5e6ed6c9fffe8d64a2ca6d245273
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
x-content-type-options
nosniff
last-modified
Tue, 16 Nov 2021 08:02:32 GMT
server
imgix
age
130754
x-cache
HIT, MISS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2678400
x-imgix-id
32329ed312d23374373947868256813af3a70bd3
accept-ranges
bytes
content-length
23146
cross-origin-resource-policy
cross-origin
x-served-by
cache-sjc10036-SJC, cache-fra19168-FRA
coview.js
cdn.coview.com/
43 KB
16 KB
Script
General
Full URL
https://cdn.coview.com/coview.js
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.16.248 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
248.16.211.130.bc.googleusercontent.com
Software
/
Resource Hash
70ea2b504c5dc7510692a3cb1ead402d898ad0c7dd0825ad42c02ac35816cc06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 11 Nov 2021 14:52:54 GMT
access-control-allow-origin
*
etag
W/"43697-1636642374000"
x-frame-options
DENY
content-type
application/javascript
via
1.1 google
vary
accept-encoding
cache-control
Public, max-age=3600
accept-ranges
bytes
alt-svc
clear
x-xss-protection
1; mode=block
expires
Wed, 17 Nov 2021 21:21:46 GMT
launcher
app.coview.com/api/client-info/ Frame
0
0
Preflight
General
Full URL
https://app.coview.com/api/client-info/launcher
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.16.248 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
248.16.211.130.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://myaccount.wellbeingchallenge.uk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
access-control-allow-origin
https://myaccount.wellbeingchallenge.uk
access-control-allow-methods
GET,POST,PUT,OPTIONS,HEAD,DELETE
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-xss-protection
1; mode=block
x-frame-options
DENY
x-content-type-options
nosniff
content-type
application/json
content-length
0
date
Wed, 17 Nov 2021 20:21:46 GMT
via
1.1 google
alt-svc
clear
launcher
app.coview.com/api/client-info/ Frame 9086
487 B
483 B
XHR
General
Full URL
https://app.coview.com/api/client-info/launcher
Requested by
Host: cdn.coview.com
URL: https://cdn.coview.com/coview.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.16.248 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
248.16.211.130.bc.googleusercontent.com
Software
/
Resource Hash
7ccafeb22224e7ddde4400a495c5a0af884e8f21120609394b578c3d37412502
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type
application/json;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 17 Nov 2021 20:21:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-origin
https://myaccount.wellbeingchallenge.uk
x-frame-options
DENY
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type
application/json;charset=UTF-8
via
1.1 google
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: prod.pathwrightcdn.com
URL: https://prod.pathwrightcdn.com/static/js/main.a0eb348e.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d1c81637631d5c85e49c8c0a5322fd06b6257b6466e24cc4ec7349616e81b239
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
8H1ohgpSClAcC0+k7we/oQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1687
x-fb-rlafr
0
x-fb-debug
aZvm8KPfK7Yor+aBANBC5HnJhFBBVEb5jqKx9Fy/vwBG7nAVAp+dMdrk+ZtWLPJ/vtPalCi9IeBGdg01fStJyw==
x-fb-trip-id
686109401
x-fb-content-md5
3f5262f2d26983901e3b1742f6149492
x-frame-options
DENY
date
Wed, 17 Nov 2021 20:21:46 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"fce6782c8975e02e2b4ee0c348086107"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 17 Nov 2021 20:27:05 GMT
m-outer-f7902241893e7a497417843cb15dc858.html
js.stripe.com/v3/ Frame F7AE
240 B
951 B
Document
General
Full URL
https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-110.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
1969520bd7b0ea7b84b1cbdda4a8ae93c321abe6eaeff82b5fa496680bf88a0f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/

Response headers

content-type
text/html; charset=utf-8
content-length
240
last-modified
Wed, 27 Oct 2021 22:19:31 GMT
accept-ranges
bytes
server
Cloudfront
access-control-allow-origin
*
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-security-policy
default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
timing-allow-origin
*
date
Wed, 17 Nov 2021 20:21:48 GMT
cache-control
max-age=60
etag
"f7902241893e7a497417843cb15dc858"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 a350f357b825293e306b1b0a2cb490c1.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
CxhetA9RNlyfKFsElXyNQT2DbPLoaup43S5nFaSmDSJasEIixjxptg==
graphql
gql.pathwright.com/ Frame
0
0
Preflight
General
Full URL
https://gql.pathwright.com/graphql?school_id=20675
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4043:f501:c8de:b595:c41d:739f Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
apollographql-client-name,apollographql-client-version,authorization,content-type,school_id
Origin
https://myaccount.wellbeingchallenge.uk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 17 Nov 2021 20:21:47 GMT
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
apollographql-client-name,apollographql-client-version,authorization,content-type,school_id
graphql
gql.pathwright.com/
55 KB
55 KB
Fetch
General
Full URL
https://gql.pathwright.com/graphql?school_id=20675
Requested by
Host: prod.pathwrightcdn.com
URL: https://prod.pathwrightcdn.com/static/js/21.5b6190ea.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4043:f501:c8de:b595:c41d:739f Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/ Express
Resource Hash
81cbba004e92c26fe7399b6a84b35630fa58ac7608d130b7dbf7eab1eaa3e4fc

Request headers

apollographql-client-name
web
Accept-Language
de-DE,de;q=0.9
authorization
Bearer undefined
content-type
application/json
accept
*/*
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
apollographql-client-version
1.0
school_id
20675

Response headers

access-control-allow-origin
*
date
Wed, 17 Nov 2021 20:21:47 GMT
x-powered-by
Express
etag
W/"da9b-F+nj9DQm6tyGYPFw1JcDLLXcwBA"
content-length
55963
content-type
application/json; charset=utf-8
sdk.js
connect.facebook.net/en_US/
290 KB
83 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=ee93b736f6e511f1d1d74c03b9648366
Requested by
Host: prod.pathwrightcdn.com
URL: https://prod.pathwrightcdn.com/static/js/main.a0eb348e.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0c7b06cc527bd25cd23376f3a096ce722d3d9556455792e69276e0f91dd577f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://myaccount.wellbeingchallenge.uk/
Origin
https://myaccount.wellbeingchallenge.uk
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
FDup85RQumdKhh07Sko9ew==
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
84323
x-fb-rlafr
0
x-fb-debug
DdLyRHJ5DWbtE07I6vGFozdelTYegmxEHFT/U/tGz7CoqSFLlVe1S9OHsXJJKhkg/W8HoAY+kBKLGwKa6RCJAA==
x-fb-trip-id
686109401
x-fb-content-md5
c3c9465827b31f7ddcfb7948d6d7d483
x-frame-options
DENY
date
Wed, 17 Nov 2021 20:21:47 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"6d5b2f233a0b94ca7aba5954168320f8"
timing-allow-origin
*
expires
Thu, 17 Nov 2022 20:07:05 GMT
/
o99.ingest.sentry.io/api/5438/envelope/
2 B
103 B
Fetch
General
Full URL
https://o99.ingest.sentry.io/api/5438/envelope/?sentry_key=f43b2d3cb8aa4924bab5f3987d2f913c&sentry_version=7
Requested by
Host: prod.pathwrightcdn.com
URL: https://prod.pathwrightcdn.com/static/js/21.5b6190ea.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://myaccount.wellbeingchallenge.uk/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 17 Nov 2021 20:21:47 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://myaccount.wellbeingchallenge.uk
access-control-expose-headers
x-sentry-rate-limits, x-sentry-error, retry-after
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
clear
content-length
2
Pathicon.881d031d.chunk.css
prod.pathwrightcdn.com/static/css/
15 KB
3 KB
Stylesheet
General
Full URL
https://prod.pathwrightcdn.com/static/css/Pathicon.881d031d.chunk.css
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bf3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1291d03144c937c5a1d7a6603f041e2689362d8f2d98eaef90cf1a2433a0d1f1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:47 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7188
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
Y15RQHA8P366PAYN
x-amz-id-2
dr+HiuAIJ0poIMiZpNUmiX3UF07reKmKFqyYJO2j1FPEWKWSDw3yrdcA54vR6j7ZXzTmUXPnDdw=
last-modified
Tue, 16 Nov 2021 16:12:57 GMT
server
cloudflare
etag
W/"e3f8fc53d403deb632e70db24d395739"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Gr5xTyrKQWqLrqjyd1LRsV5KksS24X84%2BhPuZBOqXG%2FuBgQ0vj3J5HX56rNjb%2F%2FHfzvIff9UlrxOxSQ6QQcer1OZeSwILiH11yvVWJoVkcMLqNUY7rLV9qkdbzj40sMuVAN5h9x4MXqBB%2Bm2NsErFKyWNvK"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
6afbaade098d692b-FRA
Pathicon.a0148d96.chunk.js
prod.pathwrightcdn.com/static/js/
337 KB
54 KB
Script
General
Full URL
https://prod.pathwrightcdn.com/static/js/Pathicon.a0148d96.chunk.js
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bf3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86fe7cd5b8e357707007aaa53fd4c516779aaee52b180beb0ff5f664532ffd28

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:47 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7188
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
Y15ZBXVKQZTN869B
x-amz-id-2
zOmZS1m/6anU4NntNLQPqYaxCj+oprx/7QKTG5fjDnigsMkAmM80Hskb6X/+vSR6WqxN7ek1Xfs=
last-modified
Tue, 16 Nov 2021 16:13:00 GMT
server
cloudflare
etag
W/"c66ae58e0378b9a6a5b2dfed0f36b3ef"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bl%2FO7s4pOkbG3ZwXrgOJy59AVcQLbQ7iec07tXF4SB%2FTiRBZQtubMWG601eDWttLDbFUwwdk9xWSibqANeOWl6CBYnW6dMiPdRW%2FFW8n4GKW0Io0REQ%2F%2BJIGxO8kwiM0dGMbnUclxHWTeoS54VAvSxpS4W45"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6afbaade0990692b-FRA
/
o99.ingest.sentry.io/api/5438/envelope/
2 B
256 B
Fetch
General
Full URL
https://o99.ingest.sentry.io/api/5438/envelope/?sentry_key=f43b2d3cb8aa4924bab5f3987d2f913c&sentry_version=7
Requested by
Host: prod.pathwrightcdn.com
URL: https://prod.pathwrightcdn.com/static/js/21.5b6190ea.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://myaccount.wellbeingchallenge.uk/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 17 Nov 2021 20:21:47 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://myaccount.wellbeingchallenge.uk
access-control-expose-headers
retry-after, x-sentry-error, x-sentry-rate-limits
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
clear
content-length
2
/
o99.ingest.sentry.io/api/5438/envelope/
2 B
102 B
Fetch
General
Full URL
https://o99.ingest.sentry.io/api/5438/envelope/?sentry_key=f43b2d3cb8aa4924bab5f3987d2f913c&sentry_version=7
Requested by
Host: prod.pathwrightcdn.com
URL: https://prod.pathwrightcdn.com/static/js/21.5b6190ea.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://myaccount.wellbeingchallenge.uk/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 17 Nov 2021 20:21:47 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://myaccount.wellbeingchallenge.uk
access-control-expose-headers
x-sentry-error, retry-after, x-sentry-rate-limits
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
clear
content-length
2
https%3A%2F%2Fcdn.filestackcontent.com%2Fapi%2Ffile%2FxTs6aISMSQeM0WsFnx23%3Fsignature%3D888b9ea3eb997a4d59215bfbe2983c636df3c7da0ff8c6f85811ff74c8982e34%26policy%3DeyJjYWxsIjogWyJyZWFkIiwgInN0YXQi...
pathwright.imgix.net/
11 KB
11 KB
Image
General
Full URL
https://pathwright.imgix.net/https%3A%2F%2Fcdn.filestackcontent.com%2Fapi%2Ffile%2FxTs6aISMSQeM0WsFnx23%3Fsignature%3D888b9ea3eb997a4d59215bfbe2983c636df3c7da0ff8c6f85811ff74c8982e34%26policy%3DeyJjYWxsIjogWyJyZWFkIiwgInN0YXQiLCAiY29udmVydCJdLCAiZXhwaXJ5IjogNDYyMDM3NzAzMX0%253D?fit=max&ixlib=python-1.1.0&w=1400&s=b3c4fc8968429776a23d0a734281515d
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
imgix /
Resource Hash
07ba76a3ec4b63aa6a88c154acd82fde389714179847ce7dbede159329a06fb8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:48 GMT
x-content-type-options
nosniff
last-modified
Tue, 16 Nov 2021 07:53:59 GMT
server
imgix
age
131269
x-cache
HIT, MISS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2678400
x-imgix-id
cfe5f6437a0e81186850e589cceb77cadec6bc21
accept-ranges
bytes
content-length
10842
cross-origin-resource-policy
cross-origin
x-served-by
cache-sjc10061-SJC, cache-fra19168-FRA
270A48_2_0.5064ab21.woff
prod.pathwrightcdn.com/static/media/
70 KB
71 KB
Font
General
Full URL
https://prod.pathwrightcdn.com/static/media/270A48_2_0.5064ab21.woff
Requested by
Host: prod.pathwrightcdn.com
URL: https://prod.pathwrightcdn.com/static/css/main.93e86080.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bf3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
892b56d1363df3975e502344ab380c70b1e5dc0a5db0207a8313dc61fb74e690

Request headers

Referer
https://prod.pathwrightcdn.com/static/css/main.93e86080.chunk.css
Origin
https://myaccount.wellbeingchallenge.uk
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:48 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
QGZB89RQ42WYH96A
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-id-2
JReShb6GHry1DiXzEobdZZfhdWZSmgm9iyaJlJ0CpyzH76LyCoNyToVmqR6gCBVkunjIa9VwEQA=
last-modified
Thu, 19 Dec 2019 20:21:11 GMT
server
cloudflare
etag
W/"5064ab2170ed8f81b55b93e4f4b73615"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
315576000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aJZPq%2BwJycL9Yk13FBuQxC24zK8OevXPMdub%2FED5RkO%2F8ay0wdY92CEzRVs4Jl9nCWkvGVIXA4hKyKQp90EpuYF6x%2FxLikZr%2FhOJePn1EkVAbj%2Fu8wu1Am4QVhvtitGodDxV%2B%2BzQs9F64qJ5YExMypVBxDC8"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6afbaade6b8d062d-FRA
graphql
gql.pathwright.com/ Frame
0
0
Preflight
General
Full URL
https://gql.pathwright.com/graphql?school_id=20675
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4043:f501:c8de:b595:c41d:739f Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
apollographql-client-name,apollographql-client-version,authorization,content-type,school_id
Origin
https://myaccount.wellbeingchallenge.uk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 17 Nov 2021 20:21:47 GMT
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
apollographql-client-name,apollographql-client-version,authorization,content-type,school_id
https%3A%2F%2Fcdn.filestackcontent.com%2Fapi%2Ffile%2F5mKNNbZUQ1uCptAOO3xn%3Fsignature%3D888b9ea3eb997a4d59215bfbe2983c636df3c7da0ff8c6f85811ff74c8982e34%26policy%3DeyJjYWxsIjogWyJyZWFkIiwgInN0YXQi...
pathwright.imgix.net/
14 KB
15 KB
Image
General
Full URL
https://pathwright.imgix.net/https%3A%2F%2Fcdn.filestackcontent.com%2Fapi%2Ffile%2F5mKNNbZUQ1uCptAOO3xn%3Fsignature%3D888b9ea3eb997a4d59215bfbe2983c636df3c7da0ff8c6f85811ff74c8982e34%26policy%3DeyJjYWxsIjogWyJyZWFkIiwgInN0YXQiLCAiY29udmVydCJdLCAiZXhwaXJ5IjogNDYyMDM3NzAzMX0%253D?fit=crop&h=250&ixlib=python-1.1.0&w=250&s=332640d515659a8267b44905fa124db9
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
imgix /
Resource Hash
67c295f1074c3f57f443976175bbb409515b96c1b8eabb800f9866f466d3d7e4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 20:21:48 GMT
x-content-type-options
nosniff
last-modified
Tue, 16 Nov 2021 11:56:51 GMT
server
imgix
age
116697
x-cache
HIT, MISS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2678400
x-imgix-id
23a66a34f8cd5350d2321fdbec9af3b87c1e535b
accept-ranges
bytes
content-length
14828
cross-origin-resource-policy
cross-origin
x-served-by
cache-sjc10028-SJC, cache-fra19168-FRA
graphql
gql.pathwright.com/
80 B
235 B
Fetch
General
Full URL
https://gql.pathwright.com/graphql?school_id=20675
Requested by
Host: prod.pathwrightcdn.com
URL: https://prod.pathwrightcdn.com/static/js/21.5b6190ea.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4043:f501:c8de:b595:c41d:739f Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/ Express
Resource Hash
84af92ef3413aacfab8b4bf6a5230b471f7394ec5d2b1e35f1adbba6aa05c9d0

Request headers

apollographql-client-name
web
Accept-Language
de-DE,de;q=0.9
authorization
Bearer undefined
content-type
application/json
accept
*/*
Referer
https://myaccount.wellbeingchallenge.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
apollographql-client-version
1.0
school_id
20675

Response headers

access-control-allow-origin
*
date
Wed, 17 Nov 2021 20:21:48 GMT
x-powered-by
Express
etag
W/"50-wcP1AwSQ16wLdmMA7l2QSe4EzQU"
content-length
80
content-type
application/json; charset=utf-8
csp-report
q.stripe.com/ Frame F7AE
0
347 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://js.stripe.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 17 Nov 2021 20:21:48 GMT
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
x-envoy-upstream-service-time
59
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length
0
m-outer-639174098ea8fe7fede6fa654790e8ec.js
js.stripe.com/v3/fingerprinted/js/ Frame F7AE
1 KB
1 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-110.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
18
x-cache
Hit from cloudfront
date
Wed, 17 Nov 2021 20:21:33 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c1.cloudfront.net (CloudFront)
last-modified
Mon, 25 Oct 2021 19:35:20 GMT
server
Cloudfront
etag
W/"5213886b88cd72e6d0aebc89868e5d13"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
-jhfpkLy01-oqascHTf4ggp7_DXXn9oS5nhcDPFcYMOqMbxPFc7snA==
inner.html
m.stripe.network/ Frame 8079
932 B
2 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8200:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd
Security Headers
Name Value
Content-Security-Policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://js.stripe.com/

Response headers

content-type
text/html; charset=utf-8
content-length
932
last-modified
Thu, 04 Nov 2021 19:04:57 GMT
accept-ranges
bytes
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
x-content-type-options
nosniff
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://m.stripe.com; default-src 'none'; font-src 'self'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy
connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
date
Wed, 17 Nov 2021 20:21:10 GMT
cache-control
max-age=300, public
etag
"f6254e6dd0cb06228801a1c8baf0939f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
Id04Z43bLc48LAZk_wKhDSmkgzIT5jg4N33AxBGBipRvFmLBrKRXRA==
age
40
csp-report
q.stripe.com/ Frame 8079
0
122 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 17 Nov 2021 20:21:48 GMT
x-envoy-upstream-service-time
57
server
nginx
content-length
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
csp-report
q.stripe.com/ Frame 8079
0
121 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: myaccount.wellbeingchallenge.uk
URL: https://myaccount.wellbeingchallenge.uk/auth/sign-in/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 17 Nov 2021 20:21:48 GMT
x-envoy-upstream-service-time
59
server
nginx
content-length
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
out-4.5.41.js
m.stripe.network/ Frame 8079
85 KB
14 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.41.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8200:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
85
x-cache
Hit from cloudfront
date
Wed, 17 Nov 2021 20:20:23 GMT
last-modified
Thu, 04 Nov 2021 19:04:57 GMT
server
Cloudfront
etag
W/"2db385faf28cf5f9393cf01a0a1edfa2"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)
cache-control
max-age=300, public
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
2GZ6PyScYXgcQofEZqOmculnXS5DcF9v5Svz-2rBrZQqVN7U4v9hRQ==
6
m.stripe.com/ Frame 8079
156 B
517 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.41.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.167.194.245 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-194-245.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
db6c21c0754d75b33ebb608dbfa6e7c0d61a7a8659484f95ff5340dcb0aa0992
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 17 Nov 2021 20:21:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
strict-transport-security
max-age=31556926; includeSubDomains; preload
access-control-allow-headers
Content-Type

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| __webpackStripeJSv3Jsonp function| Stripe object| firebase function| coview object| bootstrappedData object| webpackJsonp object| _coview object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| _ object| Backbone object| React function| $ function| jQuery object| rivets object| nunjucks function| moment object| ParsleyExtend object| ParsleyConfig object| psly object| Parsley object| ParsleyUtils object| ParsleyValidator object| ParsleyUI object| App object| Pathwright function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __createBinding function| __values function| __read function| __spread function| __spreadArrays function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault function| __classPrivateFieldGet function| __classPrivateFieldSet function| __spreadArray object| __SENTRY__ function| I18nextProvider object| BackboneUtils boolean| FBinitialized function| fbAsyncInit object| school object| resourcesCaches number| __mobxInstanceCount boolean| globalIsLoggedIn object| ConnectStoreCache object| user string| fbLoadingImg object| LazyLibraryRoutes object| invitationStore object| apolloClientStoreBridge object| FB object| __sentry_instrumentation_handlers__

3 Cookies

Domain/Path Name / Value
m.stripe.com/ Name: m
Value: 30c38dd8-1154-406f-a2f6-5a81b07fa4a99507ab
.myaccount.wellbeingchallenge.uk/ Name: __stripe_mid
Value: 5c261635-a4d5-43f4-a9d1-f515c4c4efd08c587f
.myaccount.wellbeingchallenge.uk/ Name: __stripe_sid
Value: 46b6b86c-0f58-4436-85a0-1cab0779f6020ca5c5

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.coview.com
cdn.coview.com
cdn.polyfill.io
cdnjs.cloudflare.com
connect.facebook.net
fonts.googleapis.com
gql.pathwright.com
js.stripe.com
m.stripe.com
m.stripe.network
maxcdn.bootstrapcdn.com
myaccount.wellbeingchallenge.uk
o99.ingest.sentry.io
pathwright.imgix.net
prod.pathwrightcdn.com
q.stripe.com
www.gstatic.com
13.35.253.110
130.211.16.248
2600:1f18:4043:f501:c8de:b595:c41d:739f
2600:9000:2057:8200:19:7d10:bd80:93a1
2606:4700:3032::ac43:bf3b
2606:4700::6810:125e
2606:4700::6812:acf
2a00:1450:4001:811::200a
2a00:1450:4001:82b::2003
2a03:2880:f01c:8012:face:b00c:0:3
2a04:4e42:3::720
2a04:4e42::282
3.224.218.170
34.120.195.249
35.167.194.245
54.186.23.98
07ba76a3ec4b63aa6a88c154acd82fde389714179847ce7dbede159329a06fb8
0c7b06cc527bd25cd23376f3a096ce722d3d9556455792e69276e0f91dd577f4
1291d03144c937c5a1d7a6603f041e2689362d8f2d98eaef90cf1a2433a0d1f1
1698547b32aa466fa9d60986377609f15d5d5d46323062bf72f499e85fb4c5be
1969520bd7b0ea7b84b1cbdda4a8ae93c321abe6eaeff82b5fa496680bf88a0f
2ab6b4421da5f85eb3cb0241388495b597db0b330622d905767d4b4139cbfc5f
32ebb6d264142731a0524bc5d1c2108ac36796279a1451a93b77d6647e195d35
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
50405ec575c1aa30532424fd9c21cd67fc4d5e6ed6c9fffe8d64a2ca6d245273
65a204a507aa526fa141c49b8f50ec7b8ee863de9f3f370e805ee90625f13a94
67c295f1074c3f57f443976175bbb409515b96c1b8eabb800f9866f466d3d7e4
6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8
6c1cb724f9bdb180f9c3e23bb027b9a69b33cc1e0f6a4305e947fba7afb43d8e
70ea2b504c5dc7510692a3cb1ead402d898ad0c7dd0825ad42c02ac35816cc06
7ccafeb22224e7ddde4400a495c5a0af884e8f21120609394b578c3d37412502
81cbba004e92c26fe7399b6a84b35630fa58ac7608d130b7dbf7eab1eaa3e4fc
84af92ef3413aacfab8b4bf6a5230b471f7394ec5d2b1e35f1adbba6aa05c9d0
86fe7cd5b8e357707007aaa53fd4c516779aaee52b180beb0ff5f664532ffd28
892b56d1363df3975e502344ab380c70b1e5dc0a5db0207a8313dc61fb74e690
9999eea03da1d9d825c3475a715e10f1e9139c598a4bdf3ecd39c978f59a64af
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
b97347cba14ae763dbf374a6538e6654083b6040a6afd2f0c2ed733b3df58f97
bedab15fd177a9715568682a8b3a04edd59939cafffa07dfd2e6e64b010f757c
c9df0620cb79f0bbb36be6c367813dcac9ca3bd2d9317459b02591deb41a80ea
cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
d1c81637631d5c85e49c8c0a5322fd06b6257b6466e24cc4ec7349616e81b239
db6c21c0754d75b33ebb608dbfa6e7c0d61a7a8659484f95ff5340dcb0aa0992
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
e20f7d2c7c5032cd8b9b0b03ed846d9e25dafe086676bbd4d70925f95d821ec2
e2a238e901cad1dc833d94fb90be3e08f6cadbafacaecf58fb231a40b3f74950
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd
f9e914052d3540e1a3f59375d29954bab08025ae7387f2129a4a3ddcac6b3a8c