www.tax.service.gov.uk Open in urlscan Pro
18.173.187.82  Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request your-pay Show response www.tax.service.gov.uk/estimate-paye-take-home-pay/	15 KB 5 KB	203ms 102ms	Document text/html	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash 480065d2bc8627cc6ca84bcf278a93e9b8431949d41157aa1f67ebb2f1ffde4c Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control no-cache,no-store,max-age=0 content-encoding br content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk content-type text/html; charset=UTF-8 date Fri, 07 Jun 2024 15:59:53 GMT referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin server CloudFront strict-transport-security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload vary Accept-Encoding via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-amz-cf-id hB_aidy2J4ecnfSBGEQPNhe8AUjKhUpwHL72tKGl99TF8BzA5WAYvw== x-amz-cf-pop MUC50-P4 x-cache Miss from cloudfront x-content-type-options nosniff x-envoy-upstream-service-time 8 x-frame-options SAMEORIGIN x-permitted-cross-domain-policies master-only x-robots-tag noindex, nofollow x-xss-protection 1; mode=block
GET H2	200	tracking.js Show response www.tax.service.gov.uk/tracking-consent/	60 KB 17 KB	53ms 52ms	Script application/javascript	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/tracking-consent/tracking.js Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash 40d1ae5387245b4087e6b06baad343e8ba2b5a69f149d49b532bba73d34d50ba Security Headers Name Value Content-Security-Policy script-src 'nonce-yVZFZ0rRzvnHgDBy4m7bjg==' 'unsafe-inline' 'strict-dynamic' https: http:; report-uri https://www.tax.service.gov.uk/content-security-policy-reports/tracking-consent-frontend; object-src 'none'; base-uri 'none' Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:42:04 GMT content-encoding gzip x-content-type-options nosniff content-security-policy script-src 'nonce-yVZFZ0rRzvnHgDBy4m7bjg==' 'unsafe-inline' 'strict-dynamic' https: http:; report-uri https://www.tax.service.gov.uk/content-security-policy-reports/tracking-consent-frontend; object-src 'none'; base-uri 'none' via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-permitted-cross-domain-policies master-only strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload x-amz-cf-pop MUC50-P4 age 1069 x-cache Hit from cloudfront x-envoy-upstream-service-time 5 content-length 16365 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag "a7bbc2740c8329ad4bd45beec5383336937fed75" x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=3600 accept-ranges bytes x-robots-tag noindex, nofollow x-amz-cf-id nfqIlcZ7LAKkG9x2KK3o_eoE4uuALjAc--I8gj1zXXPVfJlfoFPz6Q==
GET H2	200	application.css www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/stylesheets/	158 KB 18 KB	99ms 98ms	Stylesheet text/css	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/stylesheets/application.css Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash 3701f0e69d3a38394db06ca3e5e76deec04428f37a08991f5e99faeb15a56d1d Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:57:58 GMT content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload content-encoding br x-permitted-cross-domain-policies master-only via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P4 age 115 x-cache Hit from cloudfront x-envoy-upstream-service-time 8 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag W/"4d79a4405871ba45f312d00376a6202b" x-frame-options SAMEORIGIN vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=3600 x-robots-tag noindex, nofollow x-amz-cf-id rC75XR7OpkjlnJF9JvLpHtW0bflBx8_VPgnGGx2sJ-hHtcoM5EnHXQ==
GET H2	200	all.js Show response www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/govuk-frontend/govuk/	176 KB 38 KB	119ms 118ms	Script application/javascript	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/govuk-frontend/govuk/all.js Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash f293c6281772cfc57210e25d787ca350ad81f31686adbb6175bea1c595d64764 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:10:27 GMT content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload content-encoding br x-permitted-cross-domain-policies master-only via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P4 age 2966 x-cache Hit from cloudfront x-envoy-upstream-service-time 3 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag W/"3aa144b3fef220efd7b3c8b3293e578a" x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=3600 x-robots-tag noindex, nofollow x-amz-cf-id rTuJutPaM9xr_O2FEA6OI8ZZRhj70TIbMfRDhU03n19aUfsUciyV5w==
GET H2	200	all.js Show response www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/hmrc-frontend/hmrc/	50 KB 13 KB	104ms 103ms	Script application/javascript	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/hmrc-frontend/hmrc/all.js Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash 6bf20eecf90fe429579545bedf99daf3fb0cd6fb739038745b545c894e579487 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:57:58 GMT content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload content-encoding br x-permitted-cross-domain-policies master-only via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P4 age 115 x-cache Hit from cloudfront x-envoy-upstream-service-time 2 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag W/"07e0e65e7b49ecbac7abf36cd151160c" x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=3600 x-robots-tag noindex, nofollow x-amz-cf-id 0igbO5JPoBRV_2Q5fTRRWnzpfiT3wmfZ6OuKqBoGvYKRyMR5dGqPQA==
GET H2	200	application.min.js Show response www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/javascripts/	144 KB 44 KB	60ms 60ms	Script application/javascript	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/javascripts/application.min.js Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash 984d0ba87ec93f270a43d9aceaf138055d7bddcd2015c009ddfd7c77ae737afe Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:25:20 GMT content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload content-encoding br x-permitted-cross-domain-policies master-only via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P4 age 2073 x-cache Hit from cloudfront x-envoy-upstream-service-time 4 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag W/"ea0cc255d42f54311cc0d2c11f67a183" x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=3600 x-robots-tag noindex, nofollow x-amz-cf-id jwqi5HCr6faYIY2--AFdzHyERbPeJ3B-cSp3yQCju2zeXiwsYTfrpA==
GET H2	200	androidInstallBanner.js Show response www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/javascripts/	505 B 1 KB	106ms 105ms	Script application/javascript	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/javascripts/androidInstallBanner.js Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash 77a51a1ac2fbe4db700582e28b3e2598f07c22c9316cb72feb1e850a6cc8b6dd Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:50:33 GMT content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-permitted-cross-domain-policies master-only x-amz-cf-pop MUC50-P4 age 560 x-cache Hit from cloudfront x-envoy-upstream-service-time 4 content-length 505 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag "f05003c00bb01e1c72c27b7ed84c88e1" x-frame-options SAMEORIGIN content-type application/javascript; charset=UTF-8 cache-control public, max-age=3600 accept-ranges bytes x-robots-tag noindex, nofollow x-amz-cf-id DLx2fkQ99F7raAcQhu8QkEc9Sz3qHegE37KHTf4LhgMXwFNPhkZGlg==
GET H2	200	gtm.js Show response www.googletagmanager.com/	478 KB 115 KB	173ms 90ms	Script application/javascript	2a00:1450:4001:806::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-NDJKHWK Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/tracking-consent/tracking.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 006c04b0dfb776f830603cac7ff33bf022148ba44e9a443088f30ab0100bcd7c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:59:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 117312 x-xss-protection 0 last-modified Fri, 07 Jun 2024 15:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 07 Jun 2024 15:59:53 GMT
GET H2	200	govuk-crest.png www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/govuk-frontend/govuk/assets/images/	4 KB 4 KB	71ms 71ms	Image image/png	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/govuk-frontend/govuk/assets/images/govuk-crest.png Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/stylesheets/application.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/stylesheets/application.css Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:34:38 GMT content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-permitted-cross-domain-policies master-only x-amz-cf-pop MUC50-P4 age 1515 x-cache Hit from cloudfront x-envoy-upstream-service-time 3 content-length 3584 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag "bcd5768bd7721641ee71ba103bb38900" x-frame-options SAMEORIGIN content-type image/png cache-control public, max-age=3600 accept-ranges bytes x-robots-tag noindex, nofollow x-amz-cf-id vkSa25uPz8PVOjd0LZzccDFcLzJWGtEFXoxHglAbm1szZSmJfgCALA==
GET H2	200	bold-b542beb274-v2.woff2 www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/govuk-frontend/govuk/assets/fonts/	31 KB 32 KB	56ms 55ms	Font font/woff2	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/govuk-frontend/govuk/assets/fonts/bold-b542beb274-v2.woff2 Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/stylesheets/application.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash 06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/stylesheets/application.css Origin https://www.tax.service.gov.uk Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:50:44 GMT content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-permitted-cross-domain-policies master-only x-amz-cf-pop MUC50-P4 age 549 x-cache Hit from cloudfront x-envoy-upstream-service-time 3 content-length 31480 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag "b542beb2746ca0e4a5a9aa7ea7767df7" x-frame-options SAMEORIGIN content-type font/woff2 cache-control public, max-age=3600 accept-ranges bytes x-robots-tag noindex, nofollow x-amz-cf-id Uu0rJovC6f3_fyHWPenK6KSE0g4STAuztwo9aNfipxzy1IhR9VZPEg==
GET H2	200	light-94a07e06a1-v2.woff2 www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/govuk-frontend/govuk/assets/fonts/	33 KB 34 KB	61ms 61ms	Font font/woff2	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/lib/govuk-frontend/govuk/assets/fonts/light-94a07e06a1-v2.woff2 Requested by Host: www.tax.service.gov.uk URL: https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/stylesheets/application.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/assets/stylesheets/application.css Origin https://www.tax.service.gov.uk Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:50:44 GMT content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-permitted-cross-domain-policies master-only x-amz-cf-pop MUC50-P4 age 549 x-cache Hit from cloudfront x-envoy-upstream-service-time 4 content-length 33382 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag "94a07e06a104e76fe40583f74b204aee" x-frame-options SAMEORIGIN content-type font/woff2 cache-control public, max-age=3600 accept-ranges bytes x-robots-tag noindex, nofollow x-amz-cf-id mowvTkok6X-7UPOh1nzmVTqp6yXObkMFIA-lL3MtF7uviX_UL1oyIw==
GET H2	200	favicon.ico www.tax.service.gov.uk/estimate-paye-take-home-pay/hmrc-frontend/assets/govuk/images/	14 KB 15 KB	55ms 55ms	Other image/x-icon	18.173.187.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.tax.service.gov.uk/estimate-paye-take-home-pay/hmrc-frontend/assets/govuk/images/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.187.82 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-187-82.muc50.r.cloudfront.net Software CloudFront / Resource Hash f20b8285392e866956853ce567218d4b237a9c95740915da62c49eb321b234af Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.tax.service.gov.uk/estimate-paye-take-home-pay/your-pay Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 15:34:39 GMT content-security-policy default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload via 1.1 577c189d14f20f4f61c76d2711499f1c.cloudfront.net (CloudFront) x-permitted-cross-domain-policies master-only x-amz-cf-pop MUC50-P4 age 1514 x-cache Hit from cloudfront x-envoy-upstream-service-time 3 content-length 14254 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Fri, 01 Jan 2010 00:00:00 GMT server CloudFront etag "a90776c99cc9bf3d9dbe593284d6bbf6" x-frame-options SAMEORIGIN content-type image/x-icon cache-control public, max-age=3600 accept-ranges bytes x-robots-tag noindex, nofollow x-amz-cf-id JSTsbaipTiFwOxI9cWcb375SdAtzn1F82u9YGYGob8auKnIeK5pyJA==

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| optimizely object| trackingConsent object| GOVUKFrontend object| HMRCFrontend function| numberInputs function| beforePrintCall function| afterPrintCall function| displayDialog function| timeoutDialog object| printLink function| $ function| jQuery object| mediaQueryList object| google_tag_manager object| google_tag_data

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.tax.service.gov.uk/	1970-01-21 06:45:35	Name: mdtpdi Value: mdtpdi#2179663c-f7c7-4bec-b8ab-19efa94c0eab#1717775993381_LrmmD/OtFdZvKACSuOOX/A==
			www.tax.service.gov.uk/	1969-12-31 23:59:59	Name: mdtp Value: RTmkQ3APuDeITJSmoyIdKy7zDfybCsbAINqEpQM4jYROco52HTVWvoU619HEI03QLoicsnNrzfBCh3/eeT0EamMjKOhKsAFFRSUgPl860WitknmLS/WpZhrcptdgjoBaLs/tZUSWYkOUwtYr2ZagyX1pAA/ju1S1WtfEK8f5vCTP/hMXq5NQyS6yNs05Y9EVWUY8UrLwVsh1zRpIz76wOT9LQbSwn7HmsCIEnwBXJRX/B22zWanCCOQOY8yJAZ3Io0/YWdyGcYP0qJ5SkB2TY5I+Hu43OW4XgLQ+se8b2g3LalFERysqFs67

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' localhost:12345 localhost:7788 localhost:9032 localhost:9250 fonts.gstatic.com ssl.gstatic.com data: www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com tagmanager.google.com https://www.tax.service.gov.uk
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.googletagmanager.com
www.tax.service.gov.uk
18.173.187.82
2a00:1450:4001:806::2008
006c04b0dfb776f830603cac7ff33bf022148ba44e9a443088f30ab0100bcd7c
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
3701f0e69d3a38394db06ca3e5e76deec04428f37a08991f5e99faeb15a56d1d
40d1ae5387245b4087e6b06baad343e8ba2b5a69f149d49b532bba73d34d50ba
480065d2bc8627cc6ca84bcf278a93e9b8431949d41157aa1f67ebb2f1ffde4c
6bf20eecf90fe429579545bedf99daf3fb0cd6fb739038745b545c894e579487
77a51a1ac2fbe4db700582e28b3e2598f07c22c9316cb72feb1e850a6cc8b6dd
984d0ba87ec93f270a43d9aceaf138055d7bddcd2015c009ddfd7c77ae737afe
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
f20b8285392e866956853ce567218d4b237a9c95740915da62c49eb321b234af
f293c6281772cfc57210e25d787ca350ad81f31686adbb6175bea1c595d64764