login-stg.manutd.com Open in urlscan Pro
34.240.138.161  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response login-stg.manutd.com/	9 KB 10 KB	557ms 90ms	Document text/html	34.240.138.161 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login-stg.manutd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.240.138.161 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-240-138-161.eu-west-1.compute.amazonaws.com Software / Resource Hash 34543dc3496fcd1634047cddf72c448348b6a1bd9dff005ee62e16aa3dfe3690 Security Headers Name Value Content-Security-Policy img-src 'self' *.manutd.com *.gigya.com data: https:; style-src 'self' fonts.googleapis.com *.facebook.net *.manutd.com https:;connect-src *.manutd.com *.gigya.com *.adobedtm.com dpm.demdex.net *.facebook.com;script-src 'self' 'unsafe-eval' 'nonce-eJlkmQTWiB+8LLBNw+DSCHDiMAFnKle8ExfjxCJD4nk=' *.google.com *.manutd.com www.gstatic.com *.gigya.com *.adobedtm.com dpm.demdex.net *.facebook.net; Strict-Transport-Security max-age=31536000; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Cache-Control no-store,no-cache Connection keep-alive Content-Length 9150 Content-Security-Policy img-src 'self' *.manutd.com *.gigya.com data: https:; style-src 'self' fonts.googleapis.com *.facebook.net *.manutd.com https:;connect-src *.manutd.com *.gigya.com *.adobedtm.com dpm.demdex.net *.facebook.com;script-src 'self' 'unsafe-eval' 'nonce-eJlkmQTWiB+8LLBNw+DSCHDiMAFnKle8ExfjxCJD4nk=' *.google.com *.manutd.com www.gstatic.com *.gigya.com *.adobedtm.com dpm.demdex.net *.facebook.net; Content-Type text/html; charset=utf-8 Date Wed, 24 Jul 2024 07:36:41 GMT Pragma no-cache Referrer-Policy same-origin Strict-Transport-Security max-age=31536000; preload X-Application-Version 2024.7.18.2 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block frame-ancestors self
GET H/1.1	200 OK	main.css login-stg.manutd.com/assets/styles/	162 KB 163 KB	77ms 76ms	Stylesheet text/css	34.240.138.161 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login-stg.manutd.com/assets/styles/main.css?v=LOGA3M8-48HsBUW4OFcidVxtMfPBLV-Kzbslk4GC8Gw Requested by Host: login-stg.manutd.com URL: https://login-stg.manutd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.240.138.161 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-240-138-161.eu-west-1.compute.amazonaws.com Software / Resource Hash 2ce180dccf3ee3c1ec0545b8385722755c6d31f3c12d5f8acdbb25938182f06c Security Headers Name Value Strict-Transport-Security max-age=31536000; preload X-Xss-Protection 1; mode=block Request headers Referer https://login-stg.manutd.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Wed, 24 Jul 2024 07:36:41 GMT Strict-Transport-Security max-age=31536000; preload Last-Modified Thu, 18 Jul 2024 08:20:44 GMT ETag "1dad8eb625e1ee3" Content-Type text/css Cache-Control no-cache,no-store Connection keep-alive Accept-Ranges bytes Content-Length 166115 X-XSS-Protection 1; mode=block Expires Fri, 23 Aug 2024 07:36:41 GMT
GET H2	200	gigya.js Show response cdns.eu1.gigya.com/JS/	539 KB 176 KB	601ms 438ms	Script text/javascript	23.205.190.69 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdns.eu1.gigya.com/JS/gigya.js?apikey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&lang=de-DE Requested by Host: login-stg.manutd.com URL: https://login-stg.manutd.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.205.190.69 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-190-69.deploy.static.akamaitechnologies.com Software / Resource Hash 83f2d49a62e6646c1cdcfccec7ef806b10a5e38418e339e5ae39942ecda37617 Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 24 Jul 2024 07:36:41 GMT content-encoding gzip x-soa true, Gator vary Accept-Encoding p3p CP="IDC COR PSA DEV ADM OUR IND ONL" access-control-allow-origin * x-callid 56718798071e14e3d9b452f9c4c4dc35 content-type text/javascript; charset=utf-8 cache-control public, s-maxage=3600, max-age=900 x-server us1d-nomad-t5 x-error-code 0 x-robots-tag none content-length 179503
GET H/1.1	200 OK	main.bundle.js Show response login-stg.manutd.com/assets/js/	419 KB 420 KB	215ms 113ms	Script application/javascript	34.240.138.161 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login-stg.manutd.com/assets/js/main.bundle.js?v=liUSHXRS1KridAldamwfo6wk6dSNvwJpldftu3O1CEQ Requested by Host: login-stg.manutd.com URL: https://login-stg.manutd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.240.138.161 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-240-138-161.eu-west-1.compute.amazonaws.com Software / Resource Hash 9625121d7452d4aae274095d6a6c1fa3ac24e9d48dbf026995d7edbb73b50844 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload X-Xss-Protection 1; mode=block Request headers Referer https://login-stg.manutd.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Wed, 24 Jul 2024 07:36:41 GMT Strict-Transport-Security max-age=31536000; preload Last-Modified Thu, 18 Jul 2024 08:20:44 GMT ETag "1dad8eb625a1b16" Content-Type application/javascript Cache-Control no-cache,no-store Connection keep-alive Accept-Ranges bytes Content-Length 429334 X-XSS-Protection 1; mode=block Expires Fri, 23 Aug 2024 07:36:41 GMT
GET H/1.1	200 OK	runtime.bundle.js Show response login-stg.manutd.com/assets/js/	6 KB 7 KB	152ms 50ms	Script application/javascript	34.240.138.161 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login-stg.manutd.com/assets/js/runtime.bundle.js?v=mjLLjlnL4lIaXrfeq4EcO3HhqN760PDCMkcLWBOzbA4 Requested by Host: login-stg.manutd.com URL: https://login-stg.manutd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.240.138.161 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-240-138-161.eu-west-1.compute.amazonaws.com Software / Resource Hash 9a32cb8e59cbe2521a5eb7deab811c3b71e1a8defad0f0c232470b5813b36c0e Security Headers Name Value Strict-Transport-Security max-age=31536000; preload X-Xss-Protection 1; mode=block Request headers Referer https://login-stg.manutd.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Wed, 24 Jul 2024 07:36:41 GMT Strict-Transport-Security max-age=31536000; preload Last-Modified Thu, 18 Jul 2024 08:20:44 GMT ETag "1dad8eb625c81f8" Content-Type application/javascript Cache-Control no-cache,no-store Connection keep-alive Accept-Ranges bytes Content-Length 6136 X-XSS-Protection 1; mode=block Expires Fri, 23 Aug 2024 07:36:41 GMT
GET H3	200	api.js Show response www.google.com/recaptcha/	1 KB 961 B	137ms 38ms	Script text/javascript	142.250.74.196 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: login-stg.manutd.com URL: https://login-stg.manutd.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.74.196 Plainview, United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s02-in-f4.1e100.net Software GSE / Resource Hash df85e001ce72e46c578531cf3ea8bbb0712a4af63abc112d9d633e474c05965f Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 24 Jul 2024 07:36:41 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Wed, 24 Jul 2024 07:36:41 GMT
GET H2	200	css2 fonts.googleapis.com/	11 KB 1 KB	607ms 58ms	Stylesheet text/css	2a00:1450:4001:829::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Bebas+Neue&family=Source+Sans+Pro:wght@300;400;700;900&display=swap Requested by Host: login-stg.manutd.com URL: https://login-stg.manutd.com/assets/styles/main.css?v=LOGA3M8-48HsBUW4OFcidVxtMfPBLV-Kzbslk4GC8Gw Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash cacecf37abfffaf171d8446e65b3abbb19b79a754a581c051add6716b8bfdc5b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Wed, 24 Jul 2024 07:36:41 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Wed, 24 Jul 2024 07:36:41 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 24 Jul 2024 07:36:41 GMT
GET H2	200	sdk.config.get Show response cdns.eu1.gigya.com/	5 KB 2 KB	606ms 407ms	Fetch text/javascript	23.205.190.69 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&httpStatusCodes=true Requested by Host: cdns.eu1.gigya.com URL: https://cdns.eu1.gigya.com/JS/gigya.js?apikey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&lang=de-DE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.205.190.69 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-190-69.deploy.static.akamaitechnologies.com Software / Resource Hash 2b71d1c286568cbca377cc2315018166973c9ff9efb937bcf81b6d1079d9fd2b Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 24 Jul 2024 07:36:42 GMT content-encoding gzip x-soa true, Gator vary Accept-Encoding p3p CP="IDC COR PSA DEV ADM OUR IND ONL" access-control-allow-origin * x-callid 7c2b58017d4a0c6725922eeef5d41119 content-type text/javascript; charset=utf-8 cache-control public, s-maxage=120, max-age=60 x-server us1d-nomad-t2 accept-ranges bytes x-error-code 0 x-robots-tag none content-length 1953
GET H2	200	Header-Logo1500994616801.png assets.manutd.com/AssetPicker/images/0/0/3/2/197240/	78 KB 79 KB	1013ms 202ms	Image image/png	95.101.149.135 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://assets.manutd.com/AssetPicker/images/0/0/3/2/197240/Header-Logo1500994616801.png Requested by Host: login-stg.manutd.com URL: https://login-stg.manutd.com/assets/styles/main.css?v=LOGA3M8-48HsBUW4OFcidVxtMfPBLV-Kzbslk4GC8Gw Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.149.135 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a95-101-149-135.deploy.static.akamaitechnologies.com Software / Resource Hash f5b49f42ab7904a6275858575d1dcf8bb784c9608ed0a1cb96f7a83921926d15 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://login-stg.manutd.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers x-amz-version-id k5L44wjRFXFI4oz1JZ.Jadb7OmBdeJ17 content-encoding gzip x-content-type-options nosniff date Wed, 24 Jul 2024 07:36:42 GMT last-modified Tue, 25 Jul 2017 14:56:57 GMT x-amz-request-id ZWVT7JCXQGB1Y5ZT etag "4df76e673b6de5778474719dd53d9d70" vary Accept-Encoding content-type image/png cache-control max-age=7776000 x-amz-replication-status COMPLETED accept-ranges bytes content-length 80018 x-amz-id-2 NIjS3/4c+rlxTROPpuCnhP45+3Z1XlRWRKhzFMMaZUfk4Sf3dWmsCk+Ry78wPDwDEd4rwYa4bao= expires Tue, 22 Oct 2024 07:36:42 GMT
GET H2	200	JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 fonts.gstatic.com/s/bebasneue/v14/	13 KB 14 KB	879ms 137ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Bebas+Neue&family=Source+Sans+Pro:wght@300;400;700;900&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 02f5dfc0c21e92f3c724260f035833e627513a1b91230cc490a1ea756c95e5e5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://login-stg.manutd.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 23 Jul 2024 14:55:27 GMT x-content-type-options nosniff age 60075 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13820 x-xss-protection 0 last-modified Thu, 24 Aug 2023 21:28:06 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 23 Jul 2025 14:55:27 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v22/	14 KB 14 KB	880ms 138ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Bebas+Neue&family=Source+Sans+Pro:wght@300;400;700;900&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://login-stg.manutd.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 23 Jul 2024 11:47:41 GMT x-content-type-options nosniff age 71341 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14712 x-xss-protection 0 last-modified Thu, 01 Jun 2023 22:52:57 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 23 Jul 2025 11:47:41 GMT
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v22/	15 KB 15 KB	878ms 136ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Bebas+Neue&family=Source+Sans+Pro:wght@300;400;700;900&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://login-stg.manutd.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 23 Jul 2024 11:48:15 GMT x-content-type-options nosniff age 71307 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14892 x-xss-protection 0 last-modified Thu, 01 Jun 2023 22:52:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 23 Jul 2025 11:48:15 GMT
GET H/1.1	200 OK	intlTelInput-utils.js Show response login-stg.manutd.com/assets/js/	434 KB 434 KB	84ms 81ms	Script application/javascript	34.240.138.161 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login-stg.manutd.com/assets/js/intlTelInput-utils.js Requested by Host: login-stg.manutd.com URL: https://login-stg.manutd.com/assets/js/main.bundle.js?v=liUSHXRS1KridAldamwfo6wk6dSNvwJpldftu3O1CEQ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.240.138.161 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-240-138-161.eu-west-1.compute.amazonaws.com Software / Resource Hash df6467bd4f2c7b82b15dfed9f46ff9e95d049ec98d3fdd09ebac6960df0565e6 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload X-Xss-Protection 1; mode=block Request headers Referer https://login-stg.manutd.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Wed, 24 Jul 2024 07:36:42 GMT Strict-Transport-Security max-age=31536000; preload Last-Modified Thu, 18 Jul 2024 08:20:44 GMT ETag "1dad8eb625a5160" Content-Type application/javascript Cache-Control no-cache,no-store Connection keep-alive Accept-Ranges bytes Content-Length 444256 X-XSS-Protection 1; mode=block Expires Fri, 23 Aug 2024 07:36:42 GMT
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/	536 KB 213 KB	774ms 135ms	Script text/javascript	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer Origin https://login-stg.manutd.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 24 Jul 2024 07:23:55 GMT content-encoding gzip x-content-type-options nosniff age 767 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 217833 x-xss-protection 0 last-modified Sun, 23 Jun 2024 08:01:07 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 24 Jul 2025 07:23:55 GMT
GET H2	200	Api.aspx cdns.eu1.gigya.com/gs/webSdk/ Frame 27A9	0 0	746ms 381ms	Document text/html	23.205.190.69 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&version=latest&build=16174 Requested by Host: cdns.eu1.gigya.com URL: https://cdns.eu1.gigya.com/JS/gigya.js?apikey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&lang=de-DE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.205.190.69 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-190-69.deploy.static.akamaitechnologies.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes access-control-allow-origin * cache-control public, s-maxage=3600, max-age=900 content-encoding gzip content-length 45103 content-type text/html; charset=utf-8 date Wed, 24 Jul 2024 07:36:43 GMT p3p CP="IDC COR PSA DEV ADM OUR IND ONL" strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding x-callid e1c4a441168a9b84f36e469540c9a315 x-error-code 0 x-robots-tag none x-server us1d-nomad-t10 x-soa true, Gator
GET H/1.1	200 OK	favicon.ico login-stg.manutd.com/	1 KB 2 KB	140ms 131ms	Other image/x-icon	34.240.138.161 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login-stg.manutd.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.240.138.161 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-240-138-161.eu-west-1.compute.amazonaws.com Software / Resource Hash 8b6fdb801fba4826a826fe7bd4e93fe4fa7feacff81cd97e8d6c965890bd7820 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload X-Xss-Protection 1; mode=block Request headers Referer https://login-stg.manutd.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Wed, 24 Jul 2024 07:36:43 GMT Strict-Transport-Security max-age=31536000; preload Last-Modified Thu, 18 Jul 2024 08:19:31 GMT ETag "1dad8eb36d9affe" Content-Type image/x-icon Cache-Control no-cache,no-store Connection keep-alive Accept-Ranges bytes Content-Length 1150 X-XSS-Protection 1; mode=block Expires Fri, 23 Aug 2024 07:36:43 GMT
GET H2	200	sso.htm cdns.eu1.gigya.com/gs/ Frame 0C09	0 0	76ms 72ms	Document text/html	23.205.190.69 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&ssoSegment=&version=latest&build=16174 Requested by Host: cdns.eu1.gigya.com URL: https://cdns.eu1.gigya.com/JS/gigya.js?apikey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&lang=de-DE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.205.190.69 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-190-69.deploy.static.akamaitechnologies.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes access-control-allow-origin * cache-control public, s-maxage=3600, max-age=900 content-encoding gzip content-length 33504 content-type text/html; charset=utf-8 date Wed, 24 Jul 2024 07:36:44 GMT p3p CP="IDC COR PSA DEV ADM OUR IND ONL" strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding x-callid b2f1aecc8e7badf4c8564276b1f7ef78 x-error-code 0 x-robots-tag none x-server us1d-nomad-t3 x-soa true, Gator
GET H2	200	sso.htm cdns.eu1.gigya.com/gs/ Frame B9DD	0 0	115ms 115ms	Document text/html	23.205.190.69 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&ssoSegment=&version=latest&build=16174 Requested by Host: cdns.eu1.gigya.com URL: https://cdns.eu1.gigya.com/JS/gigya.js?apikey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&lang=de-DE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.205.190.69 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-190-69.deploy.static.akamaitechnologies.com Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes access-control-allow-origin * cache-control public, s-maxage=3600, max-age=900 content-encoding gzip content-length 33504 content-type text/html; charset=utf-8 date Wed, 24 Jul 2024 07:36:44 GMT p3p CP="IDC COR PSA DEV ADM OUR IND ONL" vary Accept-Encoding x-callid b2f1aecc8e7badf4c8564276b1f7ef78 x-error-code 0 x-robots-tag none x-server us1d-nomad-t3 x-soa true, Gator
GET H2	200	sso.htm cdns.eu1.gigya.com/gs/ Frame 0E18	0 0	0ms 0ms	Document text/html	23.205.190.69 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&ssoSegment=&version=latest&build=16174 Requested by Host: cdns.eu1.gigya.com URL: https://cdns.eu1.gigya.com/JS/gigya.js?apikey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&lang=de-DE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.205.190.69 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-190-69.deploy.static.akamaitechnologies.com Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes access-control-allow-origin * cache-control public, s-maxage=3600, max-age=900 content-encoding gzip content-length 33504 content-type text/html; charset=utf-8 date Wed, 24 Jul 2024 07:36:44 GMT p3p CP="IDC COR PSA DEV ADM OUR IND ONL" vary Accept-Encoding x-callid b2f1aecc8e7badf4c8564276b1f7ef78 x-error-code 0 x-robots-tag none x-server us1d-nomad-t3 x-soa true, Gator
GET H2	200	sdk.js Show response connect.facebook.net/de_DE/	3 KB 4 KB	194ms 64ms	Script application/x-javascript	2a03:2880:f084:d:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/de_DE/sdk.js Requested by Host: cdns.eu1.gigya.com URL: https://cdns.eu1.gigya.com/JS/gigya.js?apikey=3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9&lang=de-DE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash ba33e85f7fa652e33036c98a7aacf81a0ead4ab287f2377e06fa93cae0fdb9f1 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff date Wed, 24 Jul 2024 07:36:45 GMT content-md5 lBarVufSfp2zFLkp2Qbl3A== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 1683 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=19, rtx=0, c=15, mss=1297, tbw=2804, tp=-1, tpl=-1, uplat=0, ullat=-1 x-fb-debug jZjDYAtrEjy7BhUHHr8oA24Xfb21td8aUmcPeSSuhvsnKHsGo+bwBqFlDHBiPzKTFU0lLfMfWtNmm0ZvR2F5eQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-content-md5 2fa3d98b219d0a5f90c4edf0153ac068 cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" etag "decc395aa92d975d2189bdd0e1b457df" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 access-control-allow-origin * origin-agent-cluster ?0 access-control-expose-headers X-FB-Content-MD5 cache-control public,max-age=1200,stale-while-revalidate=3600 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" x-frame-options DENY timing-allow-origin * expires Wed, 24 Jul 2024 07:47:48 GMT
GET H3	200	sdk.js Show response connect.facebook.net/de_DE/	299 KB 86 KB	55ms 28ms	Script application/x-javascript	157.240.0.6 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/de_DE/sdk.js?hash=64ed7f50a3fc91f059cf78e8e8af373e Requested by Host: connect.facebook.net URL: https://connect.facebook.net/de_DE/sdk.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-02-fra3.fbcdn.net Software / Resource Hash f001c3eec92f276c7287a6c8857e2600258467f07d3e8c6d40437551b4b1f154 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Referer Origin https://login-stg.manutd.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff date Wed, 24 Jul 2024 07:36:45 GMT content-md5 sy0EPxWxbxuAEd1qt4Cg9w== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 87673 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=26, rtx=0, c=23, mss=1232, tbw=4296, tp=9, tpl=0, uplat=1, ullat=-1 x-fb-debug k7MEfzxLc3GV6CbTiJeeSIU4JDQLluyrsLJ9kpRagtGp0Ms2BnU9TPCVXivXMnuD0iOJH8zKDl5Fi4J0aQ5XVA== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-content-md5 b0b39851b8e6df9915ae6d4e2556d466 cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" etag "2ae1b73420cf95e1d5af66c2d6848719" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 access-control-allow-origin * origin-agent-cluster ?0 access-control-expose-headers X-FB-Content-MD5 cache-control public,max-age=31536000,stale-while-revalidate=3600,immutable permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" x-frame-options DENY timing-allow-origin * priority u=3,i expires Thu, 24 Jul 2025 06:49:48 GMT
GET H2	200	status www.facebook.com/x/oauth/	0 0	95ms 52ms	Fetch text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/x/oauth/status?client_id=351989911881898&input_token&origin=1&redirect_uri=https%3A%2F%2Flogin-stg.manutd.com%2F&sdk=joey&wants_cookie_data=true Requested by Host: connect.facebook.net URL: https://connect.facebook.net/de_DE/sdk.js?hash=64ed7f50a3fc91f059cf78e8e8af373e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=15552000; preload date Wed, 24 Jul 2024 07:36:45 GMT x-content-type-options nosniff document-policy force-load-at-top x-fb-server-load 16 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 reporting-endpoints default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7395103059993007015", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1297, tbw=2797, tp=-1, tpl=-1, uplat=31, ullat=0 pragma no-cache x-fb-debug iWprw8n52aylSs5yQewfhxciMbnLbHwOGrgmOAg4org9DPsrGr/bTgwumF33gh8fqq1uvLtSevZoOnyQpITORw== fb-s unknown report-to {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7395103059993007015"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type text/plain; charset=UTF-8 access-control-allow-origin https://login-stg.manutd.com origin-agent-cluster ?0 access-control-expose-headers fb-s cache-control private, no-cache, no-store, must-revalidate access-control-allow-credentials true permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| phoneUtilSetup object| gigya object| webpackChunkMUFC_form_templates object| intlTelInputGlobals object| regeneratorRuntime object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| intlTelInputUtils object| recaptcha function| fbAsyncInit object| FB object| __buffer

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.login-stg.manutd.com/	1969-12-31 23:59:59	Name: BNI_persistence Value: BMIdHk2rWoAGa3qaH_ZrbRRDfIAP5zCzZ_OIV4J_y529pgmf7hdqEot1Z1JMYAKhMmc06ca5_Ea-odHzgxGVXA==
			.login-stg.manutd.com/	1969-12-31 23:59:59	Name: gig_canary Value: false
			.login-stg.manutd.com/	1969-12-31 23:59:59	Name: gig_canary_ver Value: 16174-3-28696770
			.cdns.eu1.gigya.com/	1970-01-21 07:02:22	Name: apiDomain_3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9 Value: eu1.gigya.com
			.gigya.com/	1970-01-21 07:02:22	Name: gmid Value: gmid.ver4.AtLtBYdaVg.0v3fEtAmhb4VHWBV11D62AX9W_ylXTcGk-uE3Uj7qzzRyaYsYwR-1GNq6-J-1KD4.n6CkHcnxpviqX6i9CHCqwdip7KM4mVC9vdOq7K3FDprI0Cuh5qyfag09SVZz2FyRMqBrQDsG_0nj0U2KpaWDYg.sc3
			.gigya.com/	1970-01-21 07:02:22	Name: ucid Value: Nn-J5jGnwNWFQoeDB-Ktgw
			.gigya.com/	1970-01-21 02:41:47	Name: hasGmid Value: ver4
			.manutd.com/	1970-01-21 07:02:22	Name: gig_bootstrap_3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9 Value: _gigya_ver4
			.cdns.eu1.gigya.com/	1970-01-21 07:02:22	Name: gig_canary_3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9 Value: false
			.cdns.eu1.gigya.com/	1970-01-21 07:02:22	Name: gig_canary_ver_3_Ce_THpW9D4cyWMAQHZ1kbX8mYBjwkBeN1_yRNR_QWJXfZ5t_rrCsVtO1-QCXCcB9 Value: 16174-3-28696770

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://connect.facebook.net/de_DE/sdk.js?hash=64ed7f50a3fc91f059cf78e8e8af373e(Line 52) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' fonts.googleapis.com *.facebook.net *.manutd.com https:". Either the 'unsafe-inline' keyword, a hash ('sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	img-src 'self' *.manutd.com *.gigya.com data: https:; style-src 'self' fonts.googleapis.com *.facebook.net *.manutd.com https:;connect-src *.manutd.com *.gigya.com *.adobedtm.com dpm.demdex.net *.facebook.com;script-src 'self' 'unsafe-eval' 'nonce-eJlkmQTWiB+8LLBNw+DSCHDiMAFnKle8ExfjxCJD4nk=' *.google.com *.manutd.com www.gstatic.com *.gigya.com *.adobedtm.com dpm.demdex.net *.facebook.net;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.manutd.com
cdns.eu1.gigya.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
login-stg.manutd.com
www.facebook.com
www.google.com
www.gstatic.com
142.250.74.196
157.240.0.6
23.205.190.69
2a00:1450:4001:810::2003
2a00:1450:4001:812::2003
2a00:1450:4001:829::200a
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
34.240.138.161
95.101.149.135
02f5dfc0c21e92f3c724260f035833e627513a1b91230cc490a1ea756c95e5e5
0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce
2b71d1c286568cbca377cc2315018166973c9ff9efb937bcf81b6d1079d9fd2b
2ce180dccf3ee3c1ec0545b8385722755c6d31f3c12d5f8acdbb25938182f06c
34543dc3496fcd1634047cddf72c448348b6a1bd9dff005ee62e16aa3dfe3690
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
83f2d49a62e6646c1cdcfccec7ef806b10a5e38418e339e5ae39942ecda37617
8b6fdb801fba4826a826fe7bd4e93fe4fa7feacff81cd97e8d6c965890bd7820
9625121d7452d4aae274095d6a6c1fa3ac24e9d48dbf026995d7edbb73b50844
9a32cb8e59cbe2521a5eb7deab811c3b71e1a8defad0f0c232470b5813b36c0e
ba33e85f7fa652e33036c98a7aacf81a0ead4ab287f2377e06fa93cae0fdb9f1
cacecf37abfffaf171d8446e65b3abbb19b79a754a581c051add6716b8bfdc5b
df6467bd4f2c7b82b15dfed9f46ff9e95d049ec98d3fdd09ebac6960df0565e6
df85e001ce72e46c578531cf3ea8bbb0712a4af63abc112d9d633e474c05965f
f001c3eec92f276c7287a6c8857e2600258467f07d3e8c6d40437551b4b1f154
f5b49f42ab7904a6275858575d1dcf8bb784c9608ed0a1cb96f7a83921926d15