urlscan.io logo urlscan.io
SecurityTrails logo

assets.madametussauds.com Open in urlscan Pro
34.250.89.178  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://assets.madametussauds.com/
Effective URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Submission: On July 07 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main IP is 34.250.89.178, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is assets.madametussauds.com.
TLS certificate: Issued by R3 on May 13th 2024. Valid for: 3 months.
This is the only time assets.madametussauds.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 14 34.250.89.178 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
15 4
Apex Domain
Subdomains		 Transfer
14 madametussauds.com
assets.madametussauds.com
324 KB
1 gstatic.com
fonts.gstatic.com
20 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 87
885 B
1 unpkg.com
unpkg.com — Cisco Umbrella Rank: 1085
65 KB
15 4
Domain Requested by
14 assets.madametussauds.com 2 redirects assets.madametussauds.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com assets.madametussauds.com
1 unpkg.com assets.madametussauds.com
15 4

This site contains no links.

Subject Issuer Validity Valid
assets.madametussauds.com
R3		 2024-05-13 -
2024-08-11		 3 months crt.sh
unpkg.com
GTS CA 1P5		 2024-05-30 -
2024-08-28		 3 months crt.sh
upload.video.google.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.gstatic.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Frame ID: E2F362115C5C581C45ABBDE43800D03A
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login to Madame Tussauds

Page URL History Show full URLs

  1. https://assets.madametussauds.com/ HTTP 302
    https://assets.madametussauds.com/assetbank-madametussauds/ HTTP 302
    https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

15
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

405 kB
Transfer

1135 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://assets.madametussauds.com/ HTTP 302
    https://assets.madametussauds.com/assetbank-madametussauds/ HTTP 302
    https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request viewHome
assets.madametussauds.com/assetbank-madametussauds/action/
Redirect Chain
  • https://assets.madametussauds.com/
  • https://assets.madametussauds.com/assetbank-madametussauds/
  • https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
9 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
e6cfc8cb32880cc7a627293e57d30fdf715f9f89fcd9f1c8c466245e142e75b5
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache,no-store,max-age=0
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
3067
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Content-Type
text/html;charset=UTF-8
Date
Sun, 07 Jul 2024 10:04:49 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=98
Pragma
No-cache
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Date
Sun, 07 Jul 2024 10:04:48 GMT
Keep-Alive
timeout=5, max=99
Location
action/viewHome
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
mainBundle.css
assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_2007361479/css/ 		367 KB
64 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_2007361479/css/mainBundle.css
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
a01526046a0fd0a6222e4ff4b0da0e3746ea87c94a5d6c0a00afaee0f8919ad4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 06 Nov 2005 12:00:00 GMT
Server
Apache
ETag
2740050219
Content-Type
text/css;charset=UTF-8
Cache-Control
public, max-age=315360000, post-check=315360000, pre-check=315360000
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=97
Expires
Fri, 07 Jul 2034 10:04:49 GMT
colour-scheme.css
assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_386144673/css/standard/ 		5 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_386144673/css/standard/colour-scheme.css
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
109d9caae8a1c6a1a8c1ef6cc9c351c0d95054add754a0de83b8e5318d42a94e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 06 Nov 2005 12:00:00 GMT
Server
Apache
ETag
2740050219
Content-Type
text/css;charset=UTF-8
Cache-Control
public, max-age=315360000, post-check=315360000, pre-check=315360000
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=100
Expires
Fri, 07 Jul 2034 10:04:49 GMT
colour-scheme-override.css
assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_1020971728/css/standard/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_1020971728/css/standard/colour-scheme-override.css
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
3435bc9b3d3cbd2ec0064f909421851ac592a3d75d3b965d330918a387f9860c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 06 Nov 2005 12:00:00 GMT
Server
Apache
ETag
2740050219
Content-Type
text/css;charset=UTF-8
Cache-Control
public, max-age=315360000, post-check=315360000, pre-check=315360000
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=100
Expires
Fri, 07 Jul 2034 10:04:49 GMT
lib-core.js
assets.madametussauds.com/assetbank-madametussauds/js-cached/gzip_N139031596/js/ 		59 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/js-cached/gzip_N139031596/js/lib-core.js
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
47717a3e5eae0ab4ea22e2663e68373d5c053dd9522559a5092d10d0122c20d9
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 06 Nov 2005 12:00:00 GMT
Server
Apache
ETag
2740050219
Content-Type
text/javascript;charset=UTF-8
Cache-Control
public, max-age=315360000, post-check=315360000, pre-check=315360000
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=100
Expires
Fri, 07 Jul 2034 10:04:49 GMT
jquery-bundle.js
assets.madametussauds.com/assetbank-madametussauds/js-cached/gzip_1922928059/js/ 		304 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/js-cached/gzip_1922928059/js/jquery-bundle.js
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
52e859eed66f23e316bb14410ba8cca768a5e6c605a461f0ef584c5bae48cdb6
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 06 Nov 2005 12:00:00 GMT
Server
Apache
ETag
2740050219
Content-Type
text/javascript;charset=UTF-8
Cache-Control
public, max-age=315360000, post-check=315360000, pre-check=315360000
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=100
Expires
Fri, 07 Jul 2034 10:04:49 GMT
jquery-ui.css
assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_N790911860/css/standard/ 		61 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_N790911860/css/standard/jquery-ui.css
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
8cc953d60847e226c66cd263b50668a008c0b800631ba1124604457ca6d4cc94
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 06 Nov 2005 12:00:00 GMT
Server
Apache
ETag
2740050219
Content-Type
text/css;charset=UTF-8
Cache-Control
public, max-age=315360000, post-check=315360000, pre-check=315360000
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=100
Expires
Fri, 07 Jul 2034 10:04:49 GMT
bright-core.js
assets.madametussauds.com/assetbank-madametussauds/js-cached/gzip_N338968783/js/ 		68 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/js-cached/gzip_N338968783/js/bright-core.js
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
e55b17fe8029c5e4b10562b143a2805c77cd51d16f14c031b1f06147087e78bf
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 06 Nov 2005 12:00:00 GMT
Server
Apache
ETag
2740050219
Content-Type
text/javascript;charset=UTF-8
Cache-Control
public, max-age=315360000, post-check=315360000, pre-check=315360000
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=99
Expires
Fri, 07 Jul 2034 10:04:49 GMT
vue.global.prod.js
unpkg.com/vue@3.4.21/dist/ 		144 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/vue@3.4.21/dist/vue.global.prod.js
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f9cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4963101441ded7e420c05665e7c616b2f2e3851c99e1cf8af84d29d6f10e77da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 10:04:49 GMT
content-encoding
br
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
6152193
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HWEZ8EN8RSFBSZ9EQQM6573S-fra
server
cloudflare
etag
"2404e-wkpgTtAyA8+tgcZGmZaELsn9/Ns"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
89f7033909abbbda-FRA
logo.png
assets.madametussauds.com/assetbank-madametussauds/images/standard/ 		8 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/images/standard/logo.png
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
915a70a5d3dd00911741047e745bf34a1616b63b9b2a60be3ec181d72929c559
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 26 Jun 2024 01:22:06 GMT
Server
Apache
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
ETag
W/"8348-1719364926575"
Transfer-Encoding
chunked
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=99
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ 		1 KB
885 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Work+Sans
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_386144673/css/standard/colour-scheme.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
940931f0ba25fcac9201b6265c4b10480f65b5645a845fd90c91e2a38dca20ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sun, 07 Jul 2024 10:04:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 07 Jul 2024 09:00:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 07 Jul 2024 10:04:49 GMT
displayBackgroundImage
assets.madametussauds.com/assetbank-madametussauds/go/ 		19 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/go/displayBackgroundImage?id=101
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
d7c819f84d0f151aebe663f1fe9c9badc243b03c54a061d4383c8db14263f5f1
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains, max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains, max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff, nosniff
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block, 1; mode=block
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
X-Frame-Options
DENY
Content-Type
image/webp
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=99
Expires
0
ab-icons5.woff
assets.madametussauds.com/assetbank-madametussauds/fonts/ 		65 KB
67 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/assetbank-madametussauds/fonts/ab-icons5.woff
Requested by
Host: assets.madametussauds.com
URL: https://assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_2007361479/css/mainBundle.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
21468711645a43db477e8134ecb972c1b17e9ce714c5e170d78529d1eaad1eae
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/css-cached/gzip_2007361479/css/mainBundle.css
Origin
https://assets.madametussauds.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 26 Jun 2024 01:22:02 GMT
Server
Apache
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
ETag
W/"66668-1719364922391"
Transfer-Encoding
chunked
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=98
X-XSS-Protection
1; mode=block
QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2
fonts.gstatic.com/s/worksans/v19/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/worksans/v19/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Work+Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
996d2f01acc82f075e4de4980849bc80c64fb3756054b5265977636a978728f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://assets.madametussauds.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 15:12:35 GMT
x-content-type-options
nosniff
age
413535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20000
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:54:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 02 Jul 2025 15:12:35 GMT
favicon.ico
assets.madametussauds.com/ 		196 B
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://assets.madametussauds.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.250.89.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-89-178.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://assets.madametussauds.com/assetbank-madametussauds/action/viewHome
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 10:04:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Content-Security-Policy
default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Content-Type
text/html; charset=iso-8859-1
Connection
Keep-Alive
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=5, max=97
Content-Length
196
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| html5 object| Modernizr function| Popper function| tippy function| $ function| jQuery function| $j function| popupViewAgreement function| popupEditAgreement function| popupConditions function| videoPopup function| audioPopup function| popupPreview function| expand_content function| collapse_content function| showHide object| lbPanel function| moveAssetInLightbox function| ajaxUpdate function| preventTimeout function| splitString function| extractLast function| initJQAutocompleter function| equalHeights function| includesAll function| initDatePicker object| toggleContent function| switchTab function| selectCheckboxes function| toggleState function| toggleClass function| toggleControls function| selectItems function| popupMap function| getSpatialCoords function| setSpatialCoords function| popupMapInit function| viewMapPopupInit function| searchMapPopupInit function| activateSearchTab object| formUtil function| clearCmsMode object| disableRightClick object| autoScrollLog object| clickableTableRows function| findItemWithIdInLists function| findItemWithIdInList function| removeItemWithIdFromList function| isEnterKey function| isArrowDown function| isArrowUp function| isNormalLetterKey function| niceBytes function| formatDimensions function| removeLast function| callRestEndpoint function| analyticCookiesAcceptedAndMixpanelEnabled function| freezeScrollWindow function| thawScrollWindow function| tryToInsertChildrenInTree object| clogger object| navTooltips object| brightModal object| responsiveTabs object| dropdown object| assetModal object| inputNavigation object| popup object| assetPreview object| lbAddRemove object| filterAssets object| clickToggle object| lightbox object| finput object| autoFillOff object| brightNotify object| outlineFocus object| dataTrackingMain object| dataTrackingSearch object| dataTrackingDownload object| onDemandTransformation object| overflowTips object| tippyTooltips object| loadOnDemandImages object| jqDateFormats string| csrfToken string| springCsrfToken string| contextUrl object| Vue

1 Cookies

Domain/Path Name / Value
assets.madametussauds.com/assetbank-madametussauds Name: JSESSIONID
Value: 7F8C703005E7CCDC40C6162606C4325A

1 Console Messages

Source Level URL
Text
network error URL: https://assets.madametussauds.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: blob: *.getbeamer.com *.amazonaws.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.zdassets.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com unpkg.com *.assetbank.app *.assetbank.co.uk *.brandstencil.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.getbeamer.com *.hotjar.com cdn.mxpnl.com *.mixpanel.com cdn.jsdelivr.net; style-src blob: 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com *.autodesk.com *.brandstencil.com *.googleapis.com *.getbeamer.com *.typekit.net accounts.google.com; object-src 'self' *.amazonaws.com *.cloudfront.net; worker-src 'self' blob:; img-src 'self' *.autodesk.com *.hotjar.com *.hotjar.io *.amazonaws.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.assetbank.co.uk analytics.bright-interactive.com *.google-analytics.com stats.g.doubleclick.net *.brandstencil.com *.cookielaw.org *.getbeamer.com data: blob:; font-src 'self' data: *.autodesk.com *.gstatic.com *.hotjar.com use.typekit.net; connect-src 'self' *.googleapis.com *.amazonaws.com *.cloudfront.net hcaptcha.com *.hcaptcha.com wss://*.hotjar.com *.autodesk.com *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com *.google-analytics.com accounts.google.com *.cookielaw.org *.doubleclick.net *.onetrust.com blob: *.getbeamer.com wss://*.getbeamer.com *.mixpanel.com; frame-src 'self' hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.herokuapp.com *.bright-interactive.com *.assetbank.app *.google.com *.brandstencil.com *.officeapps.live.com *.youtube.com *.getbeamer.com;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block