myaccount.norwich.gov.uk Open in urlscan Pro
185.40.11.254 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://myaccount.norwich.gov.uk/
Effective URL:
https://myaccount.norwich.gov.uk/q/login
Submission: On March 08 via automatic, source certstream-suspicious (March 8th 2022, 10:17:37 am UTC) — Scanned from GB

Summary HTTP 17 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 17 HTTP transactions. The main IP is 185.40.11.254, located in United Kingdom and belongs to UKCLOUD-AS, GB. The main domain is myaccount.norwich.gov.uk.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on January 28th 2020. Valid for: 2 years.

This is the only time myaccount.norwich.gov.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 10	185.40.11.254 185.40.11.254	199055 (UKCLOUD-AS) (UKCLOUD-AS)
1	52.218.0.128 52.218.0.128	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
17	5

10 185.40.11.254 (United Kingdom) 3 redirects

ASN199055 (UKCLOUD-AS, GB)

myaccount.norwich.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.218.0.128 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: s3-eu-west-1-r-w.amazonaws.com

jadu-q-files.s3.eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	norwich.gov.uk 3 redirects myaccount.norwich.gov.uk	806 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	338 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2	23 KB
1	amazonaws.com jadu-q-files.s3.eu-west-1.amazonaws.com	25 KB
17	4

	Domain	Requested by
10	myaccount.norwich.gov.uk	3 redirects myaccount.norwich.gov.uk
4	www.gstatic.com	www.google.com www.gstatic.com
3	www.google.com	myaccount.norwich.gov.uk www.gstatic.com www.google.com
2	fonts.gstatic.com	www.google.com
1	jadu-q-files.s3.eu-west-1.amazonaws.com	myaccount.norwich.gov.uk
17	5

This site contains links to these domains. Also see Links.

Domain
policies.google.com

Subject Issuer	Validity	Valid
myaccount.norwich.gov.uk GlobalSign RSA OV SSL CA 2018	`2020-01-28` - `2022-03-23`	2 years	crt.sh
*.s3-eu-west-1.amazonaws.com Amazon	`2021-12-17` - `2022-12-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://myaccount.norwich.gov.uk/q/login
Frame ID: 3EF1CA6C326CAEDCEB77158D0CA867FD
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcrobgUAAAAAOJ3d9dOzcOyFq6Td8E6kuM4DrZK&co=aHR0cHM6Ly9teWFjY291bnQubm9yd2ljaC5nb3YudWs6NDQz&hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&size=invisible&cb=4xkavkq4dgn
Frame ID: 2440903B43984A13B9DE9EEE51BAD25B
Requests: 7 HTTP requests in this frame

Frame: https://myaccount.norwich.gov.uk/q/csp/report
Frame ID: 3010C244A4A8657E6FB7546C8C10BB60
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in | Norwich City Council

Page URL History Show full URLs

https://myaccount.norwich.gov.uk/ HTTP 302
https://myaccount.norwich.gov.uk/q HTTP 301
https://myaccount.norwich.gov.uk/q/ HTTP 302
https://myaccount.norwich.gov.uk/q/login Page URL

Detected technologies

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

17
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

1191 kB
Transfer

4696 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://myaccount.norwich.gov.uk/ HTTP 302
https://myaccount.norwich.gov.uk/q HTTP 301
https://myaccount.norwich.gov.uk/q/ HTTP 302
https://myaccount.norwich.gov.uk/q/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login Show response
myaccount.norwich.gov.uk/q/
Redirect Chain

https://myaccount.norwich.gov.uk/
https://myaccount.norwich.gov.uk/q
https://myaccount.norwich.gov.uk/q/
https://myaccount.norwich.gov.uk/q/login

8 KB
4 KB

122ms
122ms

Document
text/html

185.40.11.254
UKCLOUD-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.norwich.gov.uk/q/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.40.11.254 , United Kingdom, ASN199055 (UKCLOUD-AS, GB),

Reverse DNS

Software

Web Server /

Resource Hash

ed1ebae9ec92e651183ea99fd73d1dd8879d464519d82a7666622a265610b290

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
Strict-Transport-Security	max-age=300; includeSubDomains
X-Content-Security-Policy	default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

Date: Tue, 08 Mar 2022 10:17:32 GMT
Server: Web Server
Cache-Control: max-age=0, must-revalidate, private
X-Sign-In: control-centre
X-UA-Compatible: IE=edge
Content-Security-Policy: default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
X-Content-Security-Policy: default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
X-XSS-Protection: 1; mode=block
Expires: Tue, 08 Mar 2022 10:17:32 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubDomains
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 2156
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Tue, 08 Mar 2022 10:17:32 GMT
Server: Web Server
Cache-Control: max-age=0, must-revalidate, private
X-UA-Compatible: IE=edge
Expires: Tue, 08 Mar 2022 10:17:32 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubDomains
Location: /q/login
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 182
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

POST
H/1.1 204
No Content report
myaccount.norwich.gov.uk/q/csp/ 0
1 KB 150ms
150ms Other
text/html 185.40.11.254
UKCLOUD-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.norwich.gov.uk/q/csp/report

Requested by

Host: myaccount.norwich.gov.uk
URL: https://myaccount.norwich.gov.uk/q/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.40.11.254 , United Kingdom, ASN199055 (UKCLOUD-AS, GB),

Reverse DNS

Software

Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
Strict-Transport-Security	max-age=300; includeSubDomains
X-Content-Security-Policy	default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://myaccount.norwich.gov.uk/q/login
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/csp-report

Response headers

Date: Tue, 08 Mar 2022 10:17:32 GMT
Strict-Transport-Security: max-age=300; includeSubDomains
X-Content-Security-Policy: default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
Server: Web Server
X-Frame-Options: SAMEORIGIN
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, private
Content-Security-Policy: default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=edge

GET
H/1.1 200
OK commons.js Show response
myaccount.norwich.gov.uk/q/dist/js/ 668 KB
194 KB 249ms
85ms Script
application/javascript 185.40.11.254
UKCLOUD-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.norwich.gov.uk/q/dist/js/commons.js?v=1644517967

Requested by

Host: myaccount.norwich.gov.uk
URL: https://myaccount.norwich.gov.uk/q/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.40.11.254 , United Kingdom, ASN199055 (UKCLOUD-AS, GB),

Reverse DNS

Software

Web Server /

Resource Hash

aa074a51c4d0ce77949b843a86fdf0457bf97469ef32bcfdd7901065852e7eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://myaccount.norwich.gov.uk/q/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=300; includeSubDomains
Content-Encoding: gzip
Last-Modified: Thu, 10 Feb 2022 18:33:08 GMT
Server: Web Server
X-Frame-Options: SAMEORIGIN
Date: Tue, 08 Mar 2022 10:17:32 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: Wed, 08 Mar 2023 10:17:32 GMT

GET
H/1.1 200
OK pulsar.css
myaccount.norwich.gov.uk/q/css/ 951 KB
106 KB 244ms
95ms Stylesheet
text/css 185.40.11.254
UKCLOUD-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.norwich.gov.uk/q/css/pulsar.css?v=1644517967

Requested by

Host: myaccount.norwich.gov.uk
URL: https://myaccount.norwich.gov.uk/q/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.40.11.254 , United Kingdom, ASN199055 (UKCLOUD-AS, GB),

Reverse DNS

Software

Web Server /

Resource Hash

4af9cc13b5077c2f0cccef7fb1e742d12f909c50ec1444372aed82edbb21510f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://myaccount.norwich.gov.uk/q/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=300; includeSubDomains
Content-Encoding: gzip
Last-Modified: Thu, 10 Feb 2022 18:33:08 GMT
Server: Web Server
X-Frame-Options: SAMEORIGIN
Date: Tue, 08 Mar 2022 10:17:32 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Expires: Wed, 08 Mar 2023 10:17:32 GMT

GET
H/1.1 200
OK index.js Show response
myaccount.norwich.gov.uk/q/dist/js/ 2 MB
479 KB 267ms
88ms Script
application/javascript 185.40.11.254
UKCLOUD-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.norwich.gov.uk/q/dist/js/index.js?v=1644517967

Requested by

Host: myaccount.norwich.gov.uk
URL: https://myaccount.norwich.gov.uk/q/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.40.11.254 , United Kingdom, ASN199055 (UKCLOUD-AS, GB),

Reverse DNS

Software

Web Server /

Resource Hash

c2c6ba6a82c0605810787bc988a3034a4f969c304958336b32c73922663b1764

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://myaccount.norwich.gov.uk/q/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=300; includeSubDomains
Content-Encoding: gzip
Last-Modified: Thu, 10 Feb 2022 18:33:08 GMT
Server: Web Server
X-Frame-Options: SAMEORIGIN
Date: Tue, 08 Mar 2022 10:17:32 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: Wed, 08 Mar 2023 10:17:32 GMT

GET
H/1.1 200
OK logo-large.png
jadu-q-files.s3.eu-west-1.amazonaws.com/icons/35/4w7sa6mltxie90laNq8a0hZQF3BGOI67/ 25 KB
25 KB 258ms
73ms Image
image/png 52.218.0.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadu-q-files.s3.eu-west-1.amazonaws.com/icons/35/4w7sa6mltxie90laNq8a0hZQF3BGOI67/logo-large.png
Requested by: Host: myaccount.norwich.gov.uk
URL: https://myaccount.norwich.gov.uk/q/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.0.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-eu-west-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 60fe4391ec38108580c085b6b860b94afb4db98a23db834343ed20771bf0875a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://myaccount.norwich.gov.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Tue, 08 Mar 2022 10:17:34 GMT
Last-Modified: Wed, 11 Aug 2021 14:37:02 GMT
Server: AmazonS3
x-amz-request-id: G5XQPZSCZRM19DQM
ETag: "75cde6494c9b530054ffc64caa3f3049"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 25480
x-amz-id-2: ou7WF86Q3mCE2GOAIumkOfJyl11/tfvIZLecwv6QWWjzhEyYKsZ9aEXr0MbToOYX1rVzkmSMZ74=

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
999 B 190ms
68ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LcrobgUAAAAAOJ3d9dOzcOyFq6Td8E6kuM4DrZK

Requested by

Host: myaccount.norwich.gov.uk
URL: https://myaccount.norwich.gov.uk/q/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5ef963768e9ac3716b80be6758253860361f97be67dab3c9ed4497618c66b3ac

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://myaccount.norwich.gov.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 10:17:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 586
x-xss-protection: 1; mode=block
expires: Tue, 08 Mar 2022 10:17:33 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/ 356 KB
141 KB 183ms
56ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LcrobgUAAAAAOJ3d9dOzcOyFq6Td8E6kuM4DrZK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d526e08d2f18f7fea947247c440cf46473ed39655b4931e959939c383291f665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myaccount.norwich.gov.uk/
Origin: https://myaccount.norwich.gov.uk
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 07 Mar 2022 18:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58034
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143652
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 23:43:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Mar 2023 18:10:19 GMT

GET
H/1.1 200
OK proximanova-light.woff2
myaccount.norwich.gov.uk/q/bundles/jadupulsar/fonts/proxima_nova/ 20 KB
20 KB 73ms
73ms Font
font/woff2 185.40.11.254
UKCLOUD-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.norwich.gov.uk/q/bundles/jadupulsar/fonts/proxima_nova/proximanova-light.woff2

Requested by

Host: myaccount.norwich.gov.uk
URL: https://myaccount.norwich.gov.uk/q/css/pulsar.css?v=1644517967

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.40.11.254 , United Kingdom, ASN199055 (UKCLOUD-AS, GB),

Reverse DNS

Software

Web Server /

Resource Hash

fe1baa9105a77c741b8f001cd7b5d8981c22ea30959430b3d3885c2925679abd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://myaccount.norwich.gov.uk/q/css/pulsar.css?v=1644517967
Origin: https://myaccount.norwich.gov.uk
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=300; includeSubDomains
Content-Encoding: gzip
Last-Modified: Thu, 10 Feb 2022 18:33:08 GMT
Server: Web Server
X-Frame-Options: SAMEORIGIN
Date: Tue, 08 Mar 2022 10:17:33 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 20475
Expires: Wed, 08 Mar 2023 10:17:33 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 2440 41 KB
22 KB 74ms
73ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcrobgUAAAAAOJ3d9dOzcOyFq6Td8E6kuM4DrZK&co=aHR0cHM6Ly9teWFjY291bnQubm9yd2ljaC5nb3YudWs6NDQz&hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&size=invisible&cb=4xkavkq4dgn

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7a99e9db1aa0cdfa5f11e9f6519731dd1ee1c732498fcd7b7981a1f3fd3d0c2b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8MshYwWYYiCwWqNc9ThAqg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://myaccount.norwich.gov.uk/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 08 Mar 2022 10:17:33 GMT
content-security-policy: script-src 'report-sample' 'nonce-8MshYwWYYiCwWqNc9ThAqg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21865
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/ Frame 2440 51 KB
24 KB 119ms
56ms Stylesheet
text/css 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcrobgUAAAAAOJ3d9dOzcOyFq6Td8E6kuM4DrZK&co=aHR0cHM6Ly9teWFjY291bnQubm9yd2ljaC5nb3YudWs6NDQz&hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&size=invisible&cb=4xkavkq4dgn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 07 Mar 2022 18:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58034
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 23:43:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Mar 2023 18:10:19 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/ Frame 2440 356 KB
140 KB 116ms
54ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d526e08d2f18f7fea947247c440cf46473ed39655b4931e959939c383291f665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 07 Mar 2022 18:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58034
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143652
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 23:43:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Mar 2023 18:10:19 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 2440 2 KB
2 KB 54ms
53ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 573466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 08 Mar 2022 18:59:48 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2440 15 KB
16 KB 173ms
56ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 601169
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Mar 2023 11:18:05 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2440 15 KB
15 KB 186ms
69ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 573466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Mar 2023 18:59:48 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 2440 102 B
134 B 63ms
63ms Other
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bc607fa1d638484ad3a9af52879524a28db36ca792ae3818baceacb79e7cbd3b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcrobgUAAAAAOJ3d9dOzcOyFq6Td8E6kuM4DrZK&co=aHR0cHM6Ly9teWFjY291bnQubm9yd2ljaC5nb3YudWs6NDQz&hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&size=invisible&cb=4xkavkq4dgn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 10:17:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 08 Mar 2022 10:17:34 GMT

POST
H/1.1 204
No Content report
myaccount.norwich.gov.uk/q/csp/ Frame 3010 0
1 KB 136ms
135ms Other
text/html 185.40.11.254
UKCLOUD-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.norwich.gov.uk/q/csp/report

Requested by

Host: myaccount.norwich.gov.uk
URL: https://myaccount.norwich.gov.uk/q/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.40.11.254 , United Kingdom, ASN199055 (UKCLOUD-AS, GB),

Reverse DNS

Software

Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
Strict-Transport-Security	max-age=300; includeSubDomains
X-Content-Security-Policy	default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/csp-report

Response headers

Date: Tue, 08 Mar 2022 10:17:34 GMT
Strict-Transport-Security: max-age=300; includeSubDomains
X-Content-Security-Policy: default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
Server: Web Server
X-Frame-Options: SAMEORIGIN
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, private
Content-Security-Policy: default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=edge

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			myaccount.norwich.gov.uk/	1969-12-31 23:59:59	Name: PHPSESSID Value: f0ccacedc6c0917ab36db1415463c3f4

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
Strict-Transport-Security	max-age=300; includeSubDomains
X-Content-Security-Policy	default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stream.q.jadu.net/.well-known/mercure; frame-src www.google.com/recaptcha/; img-src 'self' *.amazonaws.com https://www.google-analytics.com data: blob: twemoji.maxcdn.com; script-src 'self' https://www.google-analytics.com https://ssl.www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; report-uri /q/csp/report
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
jadu-q-files.s3.eu-west-1.amazonaws.com
myaccount.norwich.gov.uk
www.google.com
www.gstatic.com
185.40.11.254
2a00:1450:4001:800::2003
2a00:1450:4001:811::2003
2a00:1450:4001:82b::2004
52.218.0.128
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4af9cc13b5077c2f0cccef7fb1e742d12f909c50ec1444372aed82edbb21510f
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5ef963768e9ac3716b80be6758253860361f97be67dab3c9ed4497618c66b3ac
60fe4391ec38108580c085b6b860b94afb4db98a23db834343ed20771bf0875a
7a99e9db1aa0cdfa5f11e9f6519731dd1ee1c732498fcd7b7981a1f3fd3d0c2b
aa074a51c4d0ce77949b843a86fdf0457bf97469ef32bcfdd7901065852e7eec
bc607fa1d638484ad3a9af52879524a28db36ca792ae3818baceacb79e7cbd3b
c2c6ba6a82c0605810787bc988a3034a4f969c304958336b32c73922663b1764
d526e08d2f18f7fea947247c440cf46473ed39655b4931e959939c383291f665
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed1ebae9ec92e651183ea99fd73d1dd8879d464519d82a7666622a265610b290
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
fe1baa9105a77c741b8f001cd7b5d8981c22ea30959430b3d3885c2925679abd

myaccount.norwich.gov.uk Open in urlscan Pro 185.40.11.254 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

1191 kBTransfer

4696 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

myaccount.norwich.gov.uk Open in urlscan Pro
185.40.11.254 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

1191 kB
Transfer

4696 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions