Submitted URL: https://get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqM...
Effective URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_z...
Submission: On May 19 via api from US

Summary

This website contacted 25 IPs in 5 countries across 16 domains to perform 48 HTTP transactions. The main IP is 52.222.190.86, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is www.headspace.com.
TLS certificate: Issued by Amazon on October 29th 2019. Valid for: a year.
This is the only time www.headspace.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
16 52.222.190.86 16509 (AMAZON-02)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a04:4e42:3::621 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.222.190.49 16509 (AMAZON-02)
2 52.222.190.114 16509 (AMAZON-02)
1 23.45.99.37 20940 (AKAMAI-ASN1)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 23.42.16.219 16625 (AKAMAI-AS)
1 2a04:4e42:600... 54113 (FASTLY)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 54.230.182.187 16509 (AMAZON-02)
1 2a02:2638:1::3 44788 (ASN-CRITE...)
3 152.199.23.241 15133 (EDGECAST)
1 2600:9000:207... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 54.230.182.7 16509 (AMAZON-02)
1 2a04:4e42:1b:... 54113 (FASTLY)
3 2a04:4e42:200... 54113 (FASTLY)
2 2600:9000:207... 16509 (AMAZON-02)
1 54.70.66.36 16509 (AMAZON-02)
3 23.210.248.189 16625 (AKAMAI-AS)
1 52.55.64.227 14618 (AMAZON-AES)
48 25
Domain Requested by
16 www.headspace.com get.headspace.com
www.headspace.com
3 ct.pinterest.com s.pinimg.com
www.headspace.com
3 jssdks.mparticle.com jssdkcdns.mparticle.com
3 tags.tiqcdn.com cdn-akamai.mookie1.com
tags.tiqcdn.com
2 api2.branch.io cdn.branch.io
2 s.pinimg.com www.googletagmanager.com
s.pinimg.com
2 static.headspace.com www.headspace.com
2 get.headspace.com 1 redirects
1 logx.optimizely.com www.headspace.com
1 api.amplitude.com cdn.amplitude.com
1 identity.mparticle.com jssdkcdns.mparticle.com
1 cdn.amplitude.com jssdkcdns.mparticle.com
1 www.google-analytics.com jssdkcdns.mparticle.com
1 app.link cdn.branch.io
1 static.criteo.net www.googletagmanager.com
1 d1fc8wv8zag5ca.cloudfront.net get.headspace.com
1 jssdkcdns.mparticle.com get.headspace.com
1 cdn-akamai.mookie1.com www.headspace.com
1 cdnjs.cloudflare.com www.headspace.com
1 a11673470095.cdn.optimizely.com cdn.optimizely.com
1 cdn.branch.io www.headspace.com
1 www.googletagmanager.com www.headspace.com
1 cdn.polyfill.io www.headspace.com
1 cdn.optimizely.com www.headspace.com
48 24
Subject Issuer Validity Valid
get.headspace.com
CloudFlare Inc ECC CA-2
2020-01-11 -
2020-10-09
9 months crt.sh
*.headspace.com
Amazon
2019-10-29 -
2020-11-29
a year crt.sh
cdn.optimizely.com
DigiCert SHA2 Secure Server CA
2020-01-20 -
2021-03-20
a year crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-04-16 -
2021-04-17
a year crt.sh
*.google-analytics.com
GTS CA 1O1
2020-04-28 -
2020-07-21
3 months crt.sh
*.branch.io
DigiCert SHA2 Secure Server CA
2018-12-05 -
2020-12-08
2 years crt.sh
*.cdn.optimizely.com
GeoTrust RSA CA 2018
2020-03-05 -
2021-06-04
a year crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2
2020-01-07 -
2020-10-09
9 months crt.sh
cdn-akamai.mookie1.com
DigiCert SHA2 Secure Server CA
2020-01-07 -
2021-01-07
a year crt.sh
jssdkcdns.mparticle.com
Let's Encrypt Authority X3
2020-05-06 -
2020-08-04
3 months crt.sh
*.pinterest.com
DigiCert SHA2 High Assurance Server CA
2019-06-05 -
2020-07-22
a year crt.sh
*.cloudfront.net
DigiCert Global CA G2
2019-07-17 -
2020-07-05
a year crt.sh
*.criteo.net
DigiCert ECC Secure Server CA
2020-03-30 -
2020-06-28
3 months crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA
2020-03-17 -
2022-06-17
2 years crt.sh
appipv4.link
Amazon
2019-08-19 -
2020-09-19
a year crt.sh
cdn.amplitude.com
Amazon
2019-12-16 -
2021-01-16
a year crt.sh
identity.mparticle.com
Go Daddy Secure Certificate Authority - G2
2019-05-27 -
2021-07-17
2 years crt.sh
jssdks.mparticle.com
Let's Encrypt Authority X3
2020-05-06 -
2020-08-04
3 months crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA
2020-02-18 -
2022-02-13
2 years crt.sh
logx.optimizely.com
DigiCert SHA2 High Assurance Server CA
2018-10-01 -
2020-10-05
2 years crt.sh

This page contains 3 frames:

Primary Page: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Frame ID: C040E15304072AEC59A9AF9652AC8272
Requests: 47 HTTP requests in this frame

Frame: https://a11673470095.cdn.optimizely.com/client_storage/a11673470095.html
Frame ID: E79F45F57D225D5C06BBD2861E351EFB
Requests: 1 HTTP requests in this frame

Frame: https://tags.tiqcdn.com/utag/xaxis/-headspace/prod/mobile.html?order_id=&order_total=0.00&order_subtotal=0.00&lbData_MP1=&refAction=email-hs_email&refContent=88170478&order_currency=USD&xaxis_title=&xaxis_hash=&xaxis_domain=www.headspace.com&xaxis_pathname=%2Fterms-and-conditions&xaxis_url=https%3A%2F%2Fwww.headspace.com%2Fterms-and-conditions%3Futm_source%3Dhs_email%26utm_medium%3Demail%26utm_content%3D88170478%26_hsenc%3Dp2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU%26_hsmi%3D88170478&xaxis_referrer=
Frame ID: 545535A665F0622F8D9A7C3233A041B1
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjv... Page URL
  2. https://get.headspace.com/events/public/v1/track/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7b... HTTP 307
    https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=881704... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /cdn\.amplitude\.com/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /optimizely\.com.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

48
Requests

100 %
HTTPS

54 %
IPv6

16
Domains

24
Subdomains

25
IPs

5
Countries

1408 kB
Transfer

3569 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-vF067h1zcMQC5z2PC2cVW7flF5J6068q5W3PwWb-1kLr2rW1svrw8964Vn6W3MgYBJ95BWvLW5wVDBZ6NkBnNW5tfWXK3JYx6KW4WrYb835VnzyW3LWLmc231zyyW5y7qK663_5H4W24D_Qd6QYCdjW4pXFql8r4QMTW3JR-XT5wdVd5W6QhGyq9b22nMW3Lhvkj5w-Zx-W4VqR8W5HFpXvN1Pxphk2FmnvVrX3l16VzKpqW7HH42f95R_7wW4vvcz97dDs_8W6bnQYS5Cc1-xW5ddPsj7mt3V-W4gPy4D8Zn8Y1W4dhn2D3t2HrWW8ywkjB3P-pkHW85-n745kj_cfMdSQk91_Q0kf1NjY6v11 Page URL
  2. https://get.headspace.com/events/public/v1/track/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-vF067h1zcMQC5z2PC2cVW7flF5J6068q5W3PwWb-1kLr2rW1svrw8964Vn6W3MgYBJ95BWvLW5wVDBZ6NkBnNW5tfWXK3JYx6KW4WrYb835VnzyW3LWLmc231zyyW5y7qK663_5H4W24D_Qd6QYCdjW4pXFql8r4QMTW3JR-XT5wdVd5W6QhGyq9b22nMW3Lhvkj5w-Zx-W4VqR8W5HFpXvN1Pxphk2FmnvVrX3l16VzKpqW7HH42f95R_7wW4vvcz97dDs_8W6bnQYS5Cc1-xW5ddPsj7mt3V-W4gPy4D8Zn8Y1W4dhn2D3t2HrWW8ywkjB3P-pkHW85-n745kj_cfMdSQk91_Q0kf1NjY6v11?_ud=63d853bf-3ed1-4db3-a2b3-6cf544c882ba&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
    https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

48 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-v...
get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/
9 KB
3 KB
Document
General
Full URL
https://get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-vF067h1zcMQC5z2PC2cVW7flF5J6068q5W3PwWb-1kLr2rW1svrw8964Vn6W3MgYBJ95BWvLW5wVDBZ6NkBnNW5tfWXK3JYx6KW4WrYb835VnzyW3LWLmc231zyyW5y7qK663_5H4W24D_Qd6QYCdjW4pXFql8r4QMTW3JR-XT5wdVd5W6QhGyq9b22nMW3Lhvkj5w-Zx-W4VqR8W5HFpXvN1Pxphk2FmnvVrX3l16VzKpqW7HH42f95R_7wW4vvcz97dDs_8W6bnQYS5Cc1-xW5ddPsj7mt3V-W4gPy4D8Zn8Y1W4dhn2D3t2HrWW8ywkjB3P-pkHW85-n745kj_cfMdSQk91_Q0kf1NjY6v11
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:79b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8174ef6dde1f88760c8b86d737eaad0ba4700ec0ba273c19ab94eba66922d460

Request headers

:method
GET
:authority
get.headspace.com
:scheme
https
:path
/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-vF067h1zcMQC5z2PC2cVW7flF5J6068q5W3PwWb-1kLr2rW1svrw8964Vn6W3MgYBJ95BWvLW5wVDBZ6NkBnNW5tfWXK3JYx6KW4WrYb835VnzyW3LWLmc231zyyW5y7qK663_5H4W24D_Qd6QYCdjW4pXFql8r4QMTW3JR-XT5wdVd5W6QhGyq9b22nMW3Lhvkj5w-Zx-W4VqR8W5HFpXvN1Pxphk2FmnvVrX3l16VzKpqW7HH42f95R_7wW4vvcz97dDs_8W6bnQYS5Cc1-xW5ddPsj7mt3V-W4gPy4D8Zn8Y1W4dhn2D3t2HrWW8ywkjB3P-pkHW85-n745kj_cfMdSQk91_Q0kf1NjY6v11
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 19 May 2020 17:56:25 GMT
content-type
text/html;charset=utf-8
set-cookie
__cfduid=d220cbd31fa0789452412671b3bd75ef11589910985; expires=Thu, 18-Jun-20 17:56:25 GMT; path=/; domain=.get.headspace.com; HttpOnly; SameSite=Lax __cfruid=ad29c43dd21a2a7afdcab8e55d3777dcdc7905c0-1589910985; path=/; domain=.get.headspace.com; HttpOnly; Secure; SameSite=None
cf-ray
595fb1cbddc7d6e1-FRA
vary
Accept-Encoding
cf-cache-status
MISS
access-control-allow-credentials
false
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy
no-referrer
server
cloudflare
content-encoding
br
cf-request-id
02cfad736b0000d6e13f272200000001
Primary Request terms-and-conditions
www.headspace.com/
Redirect Chain
  • https://get.headspace.com/events/public/v1/track/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8W...
  • https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-E...
41 KB
45 KB
Document
General
Full URL
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Requested by
Host: get.headspace.com
URL: https://get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-vF067h1zcMQC5z2PC2cVW7flF5J6068q5W3PwWb-1kLr2rW1svrw8964Vn6W3MgYBJ95BWvLW5wVDBZ6NkBnNW5tfWXK3JYx6KW4WrYb835VnzyW3LWLmc231zyyW5y7qK663_5H4W24D_Qd6QYCdjW4pXFql8r4QMTW3JR-XT5wdVd5W6QhGyq9b22nMW3Lhvkj5w-Zx-W4VqR8W5HFpXvN1Pxphk2FmnvVrX3l16VzKpqW7HH42f95R_7wW4vvcz97dDs_8W6bnQYS5Cc1-xW5ddPsj7mt3V-W4gPy4D8Zn8Y1W4dhn2D3t2HrWW8ywkjB3P-pkHW85-n745kj_cfMdSQk91_Q0kf1NjY6v11
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/ Next.js 7.0.3
Resource Hash
517707945ff392cd1ae6b91d1b411d3a4218bbb31d8429798a7374359977f2d4
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.headspace.com
:scheme
https
:path
/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-vF067h1zcMQC5z2PC2cVW7flF5J6068q5W3PwWb-1kLr2rW1svrw8964Vn6W3MgYBJ95BWvLW5wVDBZ6NkBnNW5tfWXK3JYx6KW4WrYb835VnzyW3LWLmc231zyyW5y7qK663_5H4W24D_Qd6QYCdjW4pXFql8r4QMTW3JR-XT5wdVd5W6QhGyq9b22nMW3Lhvkj5w-Zx-W4VqR8W5HFpXvN1Pxphk2FmnvVrX3l16VzKpqW7HH42f95R_7wW4vvcz97dDs_8W6bnQYS5Cc1-xW5ddPsj7mt3V-W4gPy4D8Zn8Y1W4dhn2D3t2HrWW8ywkjB3P-pkHW85-n745kj_cfMdSQk91_Q0kf1NjY6v11

Response headers

status
500
content-type
text/html; charset=utf-8
content-length
42410
date
Tue, 19 May 2020 17:56:26 GMT
set-cookie
AWSALB=nAt7eluirH/vvXfk6KwFmlkCKUiZaDSQVQxKOqJEnVHQdX6i83w6nqLsW9Iz+3EoXF08HS4qB1hiu3IhlYQyVcOdj0BQhvvA/cLxAA/6B9vlBdqduSB6+SvjIEcz; Expires=Tue, 26 May 2020 17:56:26 GMT; Path=/ AWSALBCORS=nAt7eluirH/vvXfk6KwFmlkCKUiZaDSQVQxKOqJEnVHQdX6i83w6nqLsW9Iz+3EoXF08HS4qB1hiu3IhlYQyVcOdj0BQhvvA/cLxAA/6B9vlBdqduSB6+SvjIEcz; Expires=Tue, 26 May 2020 17:56:26 GMT; Path=/; SameSite=None; Secure _sp_id.8a05=8f840819-d8d3-4d1a-af5c-728eae1675e7.1589910986.0.1589910986..395b80d7-623d-444a-8e5e-b8c962b2e2d4; Max-Age=31536; Domain=.headspace.com; Path=/; Expires=Wed, 20 May 2020 02:42:02 GMT; Secure countryCode=NL; Max-Age=31536; Domain=.headspace.com; Path=/; Expires=Wed, 20 May 2020 02:42:02 GMT; Secure cookiePolicyMarketing=not-set; Max-Age=7776; Domain=.headspace.com; Path=/; Expires=Tue, 19 May 2020 20:06:02 GMT; Secure cookiePolicyAnalytics=not-set; Max-Age=7776; Domain=.headspace.com; Path=/; Expires=Tue, 19 May 2020 20:06:02 GMT; Secure lang=en; Max-Age=31536; Domain=.headspace.com; Path=/; Expires=Wed, 20 May 2020 02:42:02 GMT; Secure lang=en; Max-Age=31536; Domain=.headspace.com; Path=/; Expires=Wed, 20 May 2020 02:42:02 GMT; Secure
vary
Origin
feature-policy
geolocation 'none'; microphone 'none';
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains
x-download-options
noopen
x-content-type-options
nosniff
x-xss-protection
1; mode=block
referrer-policy
same-origin
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-powered-by
Next.js 7.0.3
etag
"a5aa-NOoRUhjMH2dUiJ2IitEt++Tg3Us"
access-control-allow-headers
authorization,content-type,x-requested-with
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
access-control-allow-credentials
true
x-cache
Error from cloudfront
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
x-amz-cf-pop
HAM50-C2
x-amz-cf-id
br1XaA7UWpG4gGPh-7gNbUYyrn8khoUK1SSpcV6qNDPj0a4tPrbtlw==

Redirect headers

status
307
date
Tue, 19 May 2020 17:56:25 GMT
location
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
cf-ray
595fb1cc7809d6e1-FRA
link
<https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478>; rel="canonical"
vary
Accept-Encoding
cf-cache-status
MISS
access-control-allow-credentials
false
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy
no-referrer
x-robots-tag
none
server
cloudflare
cf-request-id
02cfad73cf0000d6e13f27b200000001
_app.js
www.headspace.com/_next/static/rqyw2sppT1g1gXXpLYSYc/pages/
627 KB
212 KB
Script
General
Full URL
https://www.headspace.com/_next/static/rqyw2sppT1g1gXXpLYSYc/pages/_app.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
a34c19524cc510c06cab6bb21fc8d6974e13203ff1727626d137a73f88cb2e41
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"9cdc9-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
T5ci-A4ZMVC9gY33LsgcKfuwkLb3nlnEH9bcc0-ko9b0X_Z4GUF_4A==
access-control-allow-credentials
true
_error.js
www.headspace.com/_next/static/rqyw2sppT1g1gXXpLYSYc/pages/
20 KB
9 KB
Script
General
Full URL
https://www.headspace.com/_next/static/rqyw2sppT1g1gXXpLYSYc/pages/_error.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
6a66bf2110b9409a61c2c0b40c95991dd78f5cc34d8c4429785b3501841cb54a
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"509c-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
QQX7RWQqZyDh1Vh6pTnRA58qW18lYiMMbMlELS34aY-XGmiCiz4Edw==
access-control-allow-credentials
true
webpack-23a190b45fc653bfb291.js
www.headspace.com/_next/static/runtime/
2 KB
4 KB
Script
General
Full URL
https://www.headspace.com/_next/static/runtime/webpack-23a190b45fc653bfb291.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
a09bdb333bae465de4250fe824f3e1142cb07e22ab746e63f7f7ef999653e8ff
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"92e-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
KTfYpqZ3lxNAHKl7EuIaLpg6_jFiQnw_WL7fr4ZE_bXPxCoK6KjTqg==
access-control-allow-credentials
true
commons.6b0a8655cac3ff2daafc.js
www.headspace.com/_next/static/chunks/
875 KB
299 KB
Script
General
Full URL
https://www.headspace.com/_next/static/chunks/commons.6b0a8655cac3ff2daafc.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
513ec264d0d9bcb4883b5fc9c3d5660aff4364f2f56b50bfc78add86d707a199
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"daa7e-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
ZkmtFQmywmg7YEQy8rnZpLa_PWvD9JuQvPOs8j5ZV9navB0-SSYTyg==
access-control-allow-credentials
true
main-2fc14f1bd6470e644656.js
www.headspace.com/_next/static/runtime/
11 KB
7 KB
Script
General
Full URL
https://www.headspace.com/_next/static/runtime/main-2fc14f1bd6470e644656.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
a82c8493d477e2ef23955dcc9e1a0dcd9553dc7fa954040c0b31b3f168502a5e
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"2af4-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
qVLEAC0Xr2RDf129FSsNnu756cvzmPZxIcobAFMrbwSMphdcsLgI2Q==
access-control-allow-credentials
true
styles.d2defb26bc99ce4b771a.js
www.headspace.com/_next/static/chunks/
105 B
3 KB
Script
General
Full URL
https://www.headspace.com/_next/static/chunks/styles.d2defb26bc99ce4b771a.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
c5a6611959ec6019bff42082fdea52f51798ff3bd70fb0f124a07ae542252064
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"69-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
MdLlLe9q4RBaAjRUOoUpMlj0JNsxqCEgy4F2W0mOZftWBUZvacZc2w==
access-control-allow-credentials
true
styles.15ca4063.chunk.css
www.headspace.com/_next/static/css/
13 KB
5 KB
Stylesheet
General
Full URL
https://www.headspace.com/_next/static/css/styles.15ca4063.chunk.css
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
b5d18443c635b7a16ef48219eb5f507cbc1331e1543c3bbc317cf2f26f47e8c0
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"347b-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
text/css; charset=UTF-8
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=0
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
wRQoUyBEQf2ZXbuv3L-kAhRHPVBLw1G2GR468t1dXl6oHKe-ZbPFCA==
access-control-allow-credentials
true
11673470095.js
cdn.optimizely.com/js/
292 KB
89 KB
Script
General
Full URL
https://cdn.optimizely.com/js/11673470095.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:284::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ed701b7b3e481a10fba82b402a62c68e275d4a098c3518df7747961ec1115744
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
ylEsX9xsCchbGy8d.uFJeXrgp3lMPQKr
content-encoding
gzip
etag
"e70c88ea0f4357657b605c7777cebf29"
x-amz-request-id
CB41504828010CFA
status
200
x-amz-replication-status
COMPLETED
access-control-allow-methods
GET, HEAD
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:284::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
vary
Accept-Encoding
content-length
90563
x-amz-id-2
v63/eM/8UldGeIni/+NufrQu72yrRMfBcVGveDiypVzAMu01SF3504LKIuowU8PAlWVC8DUEO08=
last-modified
Fri, 15 May 2020 20:37:14 GMT
server
AmazonS3
date
Tue, 19 May 2020 17:56:26 GMT
access-control-max-age
86400
strict-transport-security
max-age=15768000
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=120
x-amz-meta-revision
646
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
logo.svg
www.headspace.com/static/images/
4 KB
4 KB
Image
General
Full URL
https://www.headspace.com/static/images/logo.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
1814b26be6374891fe3ebd2dc02797861ceca8c7836c6c037e06a35e94780e9b
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"1004-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
MSQR0miW2RkJp_9uK_F8hjBU2V-OTh7VaxRfHHdiWq7DOhIiWhHtIA==
access-control-allow-credentials
true
polyfill.min.js
cdn.polyfill.io/v2/
222 B
643 B
Script
General
Full URL
https://cdn.polyfill.io/v2/polyfill.min.js?features=IntersectionObserver%2CArray.from
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
x-content-type-options
nosniff
content-type
text/javascript; charset=utf-8
age
581670
detected-user-agent
Chrome/74.0.3729
status
200
request_came_from_shield
FRA
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=8, HIT-CLUSTER, fastly;desc="Edge time";dur=2
content-length
126
referrer-policy
origin-when-cross-origin
last-modified
Tue, 12 May 2020 15:19:12 GMT
date
Tue, 19 May 2020 17:56:26 GMT
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
normalized-user-agent
chrome/74.0.0
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges
bytes
timing-allow-origin
*
gtm.js
www.googletagmanager.com/
171 KB
48 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2607cd9aff4fe580c54fca06df7eb678e4eddb5e96a04f7a9e40faf50e0d3ccc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:26 GMT
content-encoding
br
vary
*
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49031
x-xss-protection
0
pragma
no-cache
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 01 Jan 1990 00:00:00 GMT
branch-latest.min.js
cdn.branch.io/
77 KB
23 KB
Script
General
Full URL
https://cdn.branch.io/branch-latest.min.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.49 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-49.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ce0af26a33dbf8034a0f13214bff3065273f56b42c341a81b18bbd72e9ae976

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
lBD18HpOfsX1wwpc_Qxr_kNzc3sKN8wd
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Mon, 06 Apr 2020 19:26:50 GMT
Server
AmazonS3
Age
239
ETag
"679c46452ad6065e9fc48f5cc0478185"
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Via
1.1 42d6fa6bba37b1a120fb1adae0e0e8c8.cloudfront.net (CloudFront)
Cache-Control
max-age=300
Date
Tue, 19 May 2020 17:52:29 GMT
X-Amz-Cf-Pop
HAM50-C2
Content-Length
23130
X-Amz-Cf-Id
f4SdN58xV2MAXnOPWVOH0BfXFjNf0CtdwZuhaXMgfnnR8AIV9IkiSw==
icons.svg
www.headspace.com/static/
34 KB
15 KB
Other
General
Full URL
https://www.headspace.com/static/icons.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
d89b63406de97fcad69446cdc0456ec7f3132d5aa946a83f41089d8971e5267a
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"892a-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=0
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
VAB_s3Au4xA7mSSSrQ1Tyk6_mxSNZfIeoyrhaGv1iBm0EF60O3E8TA==
access-control-allow-credentials
true
truncated
/
26 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
apercu_regular.woff2
static.headspace.com/fonts/apercu/
20 KB
21 KB
Font
General
Full URL
https://static.headspace.com/fonts/apercu/apercu_regular.woff2
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.114 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-114.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e918a3fcb44e725952c49774404f5564c0e5bf79fe03fdd78ec2034561153672

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
Origin
https://www.headspace.com

Response headers

date
Fri, 15 May 2020 00:32:06 GMT
via
1.1 76f038ba37b9e8fa604be08778b9f787.cloudfront.net (CloudFront)
age
408261
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
content-length
20864
last-modified
Tue, 26 Nov 2019 18:20:22 GMT
server
AmazonS3
etag
"59469dee6787197930bd94880c1ecc00"
access-control-max-age
3600
access-control-allow-methods
GET
x-amz-version-id
null
access-control-allow-origin
*
access-control-expose-headers
ETag
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/font-woff2
x-amz-cf-id
CHMXe3M-ioJt1mNy1ozCdHzmFkZdHUWwBPp-g_nfZuC6j5j15GG2tw==
apercu_bold.woff2
static.headspace.com/fonts/apercu/
21 KB
21 KB
Font
General
Full URL
https://static.headspace.com/fonts/apercu/apercu_bold.woff2
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.114 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-114.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
88a83d6555af69a761e9d9c92ec7b587a1de45c95e4365ab8ef3d0abeb823ff0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
Origin
https://www.headspace.com

Response headers

date
Fri, 15 May 2020 00:32:06 GMT
via
1.1 76f038ba37b9e8fa604be08778b9f787.cloudfront.net (CloudFront)
age
408261
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
content-length
21048
last-modified
Thu, 10 Oct 2019 16:39:26 GMT
server
AmazonS3
etag
"051d6e318abfad4e63ce09e483b5faee"
access-control-max-age
3600
access-control-allow-methods
GET
x-amz-version-id
null
access-control-allow-origin
*
access-control-expose-headers
ETag
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
binary/octet-stream
x-amz-cf-id
l-_2YPyUu6LywhQr-7vFV4brZdQkxSf88DCFYSTtJjJvb-DkoEmrYQ==
a11673470095.html
a11673470095.cdn.optimizely.com/client_storage/ Frame E79F
0
0
Document
General
Full URL
https://a11673470095.cdn.optimizely.com/client_storage/a11673470095.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/11673470095.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.99.37 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a23-45-99-37.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

:method
GET
:authority
a11673470095.cdn.optimizely.com
:scheme
https
:path
/client_storage/a11673470095.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
x-amz-id-2
LCHQE3uPKtcem/EPkIvCLE2EO7JaN8JFdgRlIFCUMIsD9kMesTo5v6Pqd0RGUef666Hp3weeckg=
x-amz-request-id
45B8FAE1143160BB
x-amz-replication-status
COMPLETED
last-modified
Fri, 15 May 2020 20:37:09 GMT
etag
"5f5857d32a698180290751f30b93bc42"
cache-control
max-age=120
x-amz-meta-pci_enabled
False
content-encoding
gzip
x-amz-version-id
r0pxeefOsZTtkNPN_QpeJcP_ZEl4Ugwc
accept-ranges
bytes
content-type
text/html; charset=utf-8
content-length
795
server
AmazonS3
vary
Accept-Encoding
date
Tue, 19 May 2020 17:56:27 GMT
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="16";dur=0,cdnip;desc="23.45.99.37";dur=0,cdnmap;desc="a4343.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security
max-age=15768000
svg4everybody.min.js
cdnjs.cloudflare.com/ajax/libs/svg4everybody/1.0.0/
970 B
697 B
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/svg4everybody/1.0.0/svg4everybody.min.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da4fae0ee0fcb340c3d5944c2916e04b610c1b27bf569218fd8b9004d5cac504
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:26 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
26664840
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
02cfad78bb0000d6c1d109e200000001
served-in-seconds
0.000
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:26:56 GMT
server
cloudflare
etag
W/"5afd4ae0-3ca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
595fb1d45913d6c1-FRA
expires
Sun, 09 May 2021 17:56:26 GMT
LightningBolt.js
cdn-akamai.mookie1.com/LB/
25 KB
7 KB
Script
General
Full URL
https://cdn-akamai.mookie1.com/LB/LightningBolt.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.42.16.219 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-42-16-219.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
379090e9be167f3d4ada299b739f43067ea015807f6bc31a3c18b0b877aa986a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 19 May 2020 17:56:27 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Connection
keep-alive
Content-Length
6731
Last-Modified
Wed, 08 Apr 2020 13:43:02 GMT
Server
AkamaiNetStorage
ETag
"061684841fcb99aa4d546e0839546086:1586353382.216789"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 20 May 2020 17:56:27 GMT
mparticle.js
jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/
951 KB
411 KB
Script
General
Full URL
https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Requested by
Host: get.headspace.com
URL: https://get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-vF067h1zcMQC5z2PC2cVW7flF5J6068q5W3PwWb-1kLr2rW1svrw8964Vn6W3MgYBJ95BWvLW5wVDBZ6NkBnNW5tfWXK3JYx6KW4WrYb835VnzyW3LWLmc231zyyW5y7qK663_5H4W24D_Qd6QYCdjW4pXFql8r4QMTW3JR-XT5wdVd5W6QhGyq9b22nMW3Lhvkj5w-Zx-W4VqR8W5HFpXvN1Pxphk2FmnvVrX3l16VzKpqW7HH42f95R_7wW4vvcz97dDs_8W6bnQYS5Cc1-xW5ddPsj7mt3V-W4gPy4D8Zn8Y1W4dhn2D3t2HrWW8ywkjB3P-pkHW85-n745kj_cfMdSQk91_Q0kf1NjY6v11
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
67f9544afd856cd9e5c20eb98be05c3a4203de9ef9e48123645388213b4461ac

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:26 GMT
content-encoding
gzip
age
1761
x-origin-name
fastlyshield--shield_ssl_cache_dca17769_DCA
x-cache
HIT, HIT
status
200
x-cache-hits
1, 3
content-length
420462
x-served-by
cache-dca17769-DCA, cache-fra19164-FRA
server
Kestrel
x-timer
S1589910987.988342,VS0,VE0
vary
Accept, Accept-Encoding
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 19 May 2020 18:27:05 GMT
core.js
s.pinimg.com/ct/
1 KB
752 B
Script
General
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:294::1931 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
9b154c614752acfcba108c51c9540acd198d9a673563d013eb0b481e5fa70b60

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-encoding
gzip
x-cdn
akamai
etag
"bf115431d0c25afe5078372c501b4d66"
vary
Accept-Encoding, Origin
content-type
application/javascript
status
200
cache-control
max-age=7200
x-fallback
51f9fb19-2.16.186.244
accept-ranges
bytes
content-length
585
sp.js
d1fc8wv8zag5ca.cloudfront.net/2.6.1/
73 KB
26 KB
Script
General
Full URL
https://d1fc8wv8zag5ca.cloudfront.net/2.6.1/sp.js
Requested by
Host: get.headspace.com
URL: https://get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-vF067h1zcMQC5z2PC2cVW7flF5J6068q5W3PwWb-1kLr2rW1svrw8964Vn6W3MgYBJ95BWvLW5wVDBZ6NkBnNW5tfWXK3JYx6KW4WrYb835VnzyW3LWLmc231zyyW5y7qK663_5H4W24D_Qd6QYCdjW4pXFql8r4QMTW3JR-XT5wdVd5W6QhGyq9b22nMW3Lhvkj5w-Zx-W4VqR8W5HFpXvN1Pxphk2FmnvVrX3l16VzKpqW7HH42f95R_7wW4vvcz97dDs_8W6bnQYS5Cc1-xW5ddPsj7mt3V-W4gPy4D8Zn8Y1W4dhn2D3t2HrWW8ywkjB3P-pkHW85-n745kj_cfMdSQk91_Q0kf1NjY6v11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.182.187 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-182-187.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5cfd7a812a15d3765357ffb2a9b187008c34aff5b77556ba032de395f437ba40

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 29 Apr 2020 16:29:31 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Thu, 14 Apr 2016 15:30:15 GMT
Server
AmazonS3
Age
1733217
ETag
"867a18e9267c612557bd7e89a1a485f4"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 5828aeb3ed46863908c51896fd6ce33e.cloudfront.net (CloudFront)
Cache-Control
max-age=315360000
X-Amz-Cf-Pop
HAM50-C3
Accept-Ranges
bytes
Content-Length
25905
X-Amz-Cf-Id
bFKRrVzDPubx9ABDZUTLypNdi7FZhzzdLoQhjhcysnN9ilDunWXjmA==
ld.js
static.criteo.net/js/ld/
29 KB
10 KB
Script
General
Full URL
https://static.criteo.net/js/ld/ld.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
6a60018cab3d38d035188490d869d5dc1283a7dd115917226df457ca92887f7f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
last-modified
Mon, 16 Dec 2019 15:00:50 GMT
server
nginx
etag
W/"5df79c22-7533"
status
200
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
timing-allow-origin
*
expires
Wed, 20 May 2020 17:56:27 GMT
utag.js
tags.tiqcdn.com/utag/xaxis/headspace.com/prod/
22 KB
8 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/xaxis/headspace.com/prod/utag.js
Requested by
Host: cdn-akamai.mookie1.com
URL: https://cdn-akamai.mookie1.com/LB/LightningBolt.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8B1A) /
Resource Hash
38086780da1ae241464c5c6c6797e7625057d352c4de31c56017aaa67a56a8d7

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
last-modified
Fri, 24 Apr 2020 20:44:25 GMT
server
ECAcc (ama/8B1A)
age
290
etag
"2672278831"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
content-length
7661
expires
Tue, 19 May 2020 18:01:27 GMT
_r
app.link/
90 B
727 B
Script
General
Full URL
https://app.link/_r?sdk=web2.53.1&branch_key=key_live_mcdUiF9uYBpZ5OEBEK0jqoflzzlbD4dt&callback=branch_callback__0
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2070:c000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.13.6.2 / Express
Resource Hash
9f9084a28e172e3f95d5e7529eeef13f393d472d519dc4748d7f7089339c0ddc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 19 May 2020 17:56:27 GMT
Via
1.1 85e4c30db6ed9459bdead04635e1ab69.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Server
openresty/1.13.6.2
X-Amz-Cf-Pop
HAM50-C3
X-Powered-By
Express
X-Cache
Miss from cloudfront
Content-Type
text/javascript; charset=utf-8
Connection
keep-alive
Content-Length
90
ETag
W/"5a-wXpzmd+RhzkNcrbvsOJlZRnZFFA"
X-Amz-Cf-Id
Zk9kloJ--u2UaT336nvsgN-GtcbkwL91nnk8p_dbI767lhfesjUgAw==
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 21:54:13 GMT
server
Golfe2
age
3608
date
Tue, 19 May 2020 16:56:19 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18433
expires
Tue, 19 May 2020 18:56:19 GMT
amplitude-4.2.1-min.gz.js
cdn.amplitude.com/libs/
68 KB
23 KB
Script
General
Full URL
https://cdn.amplitude.com/libs/amplitude-4.2.1-min.gz.js
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.182.7 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-182-7.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
56e81c364da2cf5172aa095f02558ee2f440585d21cbe8d6746a0e473c0c8e2c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 16:29:28 GMT
content-encoding
gzip
age
1733220
x-cache
Hit from cloudfront
status
200
content-length
23404
last-modified
Mon, 21 Oct 2019 15:45:35 GMT
server
AmazonS3
etag
"addb3457c5f65c867ae2be9606542893"
x-amz-version-id
2PesFonHu677Rw5PZ53UUToyHVzesxrU
via
1.1 37a8538fed1be46ab7adb41198e40182.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C3
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
rBL__W5tvwOSSSTZWh3sP0ak43acJ0VojpR0V15zlqcCWbPKVjKmVg==
identify
identity.mparticle.com/v1/
175 B
263 B
XHR
General
Full URL
https://identity.mparticle.com/v1/identify
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
924acd657cae6f477285200745384e2e891a8ddb165b87a725af69dd4aad65b3
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

x-mp-key
580aa567c0d972439cf41d95730011ed
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
status
200
server
Kestrel
x-timer
S1589910987.155746,VS0,VE107
x-origin-name
4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by
cache-hhn4071-HHN
vary
Accept-Encoding
x-cache
MISS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
strict-transport-security
max-age=900
accept-ranges
bytes
via
1.1 varnish
x-cache-hits
0
Events
jssdks.mparticle.com/v2/JS/580aa567c0d972439cf41d95730011ed/
41 B
120 B
XHR
General
Full URL
https://jssdks.mparticle.com/v2/JS/580aa567c0d972439cf41d95730011ed/Events
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
31ae141d8859a9f1b78def6a754ef263abee60284dea31b840e7d45f3a5318e6

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
status
202
server
Kestrel
x-timer
S1589910987.351333,VS0,VE47
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-served-by
cache-fra19131-FRA
vary
Accept-Encoding
x-cache
MISS
content-type
application/json
access-control-allow-origin
*
accept-ranges
bytes
via
1.1 varnish
x-cache-hits
0
Forwarding
jssdks.mparticle.com/v1/JS/580aa567c0d972439cf41d95730011ed/
0
196 B
XHR
General
Full URL
https://jssdks.mparticle.com/v1/JS/580aa567c0d972439cf41d95730011ed/Forwarding
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
via
1.1 varnish
server
Kestrel
x-timer
S1589910987.351229,VS0,VE2
status
202
x-served-by
cache-fra19131-FRA
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-cache
MISS
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
x-cache-hits
0
Events
jssdks.mparticle.com/v2/JS/580aa567c0d972439cf41d95730011ed/
41 B
156 B
XHR
General
Full URL
https://jssdks.mparticle.com/v2/JS/580aa567c0d972439cf41d95730011ed/Events
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
31ae141d8859a9f1b78def6a754ef263abee60284dea31b840e7d45f3a5318e6

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
status
202
server
Kestrel
x-timer
S1589910987.351181,VS0,VE3
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-served-by
cache-fra19131-FRA
vary
Accept-Encoding
x-cache
MISS
content-type
application/json
access-control-allow-origin
*
accept-ranges
bytes
via
1.1 varnish
x-cache-hits
0
utag.js
tags.tiqcdn.com/utag/xaxis/-headspace/prod/
34 KB
10 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/xaxis/-headspace/prod/utag.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/xaxis/headspace.com/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8B22) /
Resource Hash
becaacd484e24beb84e74eefd4926847a13f11f66ab42ebbcfd2ff8a2f296259

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
content-encoding
gzip
last-modified
Thu, 14 May 2020 19:19:36 GMT
server
ECAcc (ama/8B22)
age
273
etag
"2641068622"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
content-length
9950
expires
Tue, 19 May 2020 18:01:27 GMT
main.497c546a.js
s.pinimg.com/ct/lib/
48 KB
17 KB
Script
General
Full URL
https://s.pinimg.com/ct/lib/main.497c546a.js
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:294::1931 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
ffedbc3bb69866027705be1b0d108d7a89ccff90f1a8ee41618dac21e79473e6

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-encoding
gzip
x-cdn
akamai
etag
"f6cce5f69749ac01d6218cb91309b30d"
vary
Accept-Encoding, Origin
content-type
application/javascript
status
200
cache-control
max-age=1209600
x-fallback
51f9fdf3-2.16.186.244
accept-ranges
bytes
content-length
16847
open
api2.branch.io/v1/
271 B
559 B
XHR
General
Full URL
https://api2.branch.io/v1/open
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2070:7800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.13.6.2 /
Resource Hash
7810bbcff2a1e41e7b348d30a5f6d1574d7530cf94ea9b12d6d1e5d847178e19

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
via
1.1 3f7bd14926d2704d3a00300bdc9dae98.cloudfront.net (CloudFront)
server
openresty/1.13.6.2
x-amz-cf-pop
HAM50-C3
status
200
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache
content-length
271
x-amz-cf-id
NC4ILmLIV-bU9xzAahSArOjrQHTUEQm5oXxiuEfxe2pQBTVkeAvo1g==
/
api.amplitude.com/
7 B
167 B
XHR
General
Full URL
https://api.amplitude.com/
Requested by
Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/amplitude-4.2.1-min.gz.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.70.66.36 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-70-66-36.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

status
200
date
Tue, 19 May 2020 17:56:27 GMT
access-control-allow-origin
*
content-length
7
strict-transport-security
max-age=15768000
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
mobile.html
tags.tiqcdn.com/utag/xaxis/-headspace/prod/ Frame 5455
0
0
Document
General
Full URL
https://tags.tiqcdn.com/utag/xaxis/-headspace/prod/mobile.html?order_id=&order_total=0.00&order_subtotal=0.00&lbData_MP1=&refAction=email-hs_email&refContent=88170478&order_currency=USD&xaxis_title=&xaxis_hash=&xaxis_domain=www.headspace.com&xaxis_pathname=%2Fterms-and-conditions&xaxis_url=https%3A%2F%2Fwww.headspace.com%2Fterms-and-conditions%3Futm_source%3Dhs_email%26utm_medium%3Demail%26utm_content%3D88170478%26_hsenc%3Dp2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU%26_hsmi%3D88170478&xaxis_referrer=
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/xaxis/-headspace/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8B0A) /
Resource Hash

Request headers

:method
GET
:authority
tags.tiqcdn.com
:scheme
https
:path
/utag/xaxis/-headspace/prod/mobile.html?order_id=&order_total=0.00&order_subtotal=0.00&lbData_MP1=&refAction=email-hs_email&refContent=88170478&order_currency=USD&xaxis_title=&xaxis_hash=&xaxis_domain=www.headspace.com&xaxis_pathname=%2Fterms-and-conditions&xaxis_url=https%3A%2F%2Fwww.headspace.com%2Fterms-and-conditions%3Futm_source%3Dhs_email%26utm_medium%3Demail%26utm_content%3D88170478%26_hsenc%3Dp2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU%26_hsmi%3D88170478&xaxis_referrer=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
content-encoding
gzip
accept-ranges
bytes
age
701
cache-control
max-age=3600
content-type
text/html
date
Tue, 19 May 2020 17:56:27 GMT
etag
"4281920267"
expires
Tue, 19 May 2020 18:56:27 GMT
last-modified
Fri, 24 Apr 2020 20:46:24 GMT
server
ECAcc (ama/8B0A)
vary
Accept-Encoding
x-cache
HIT
content-length
299
/
ct.pinterest.com/user/
35 B
486 B
XHR
General
Full URL
https://ct.pinterest.com/user/?tid=2613695941317&ov=%7B%22np%22%3A%22gtm%22%7D&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1589910987494
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.497c546a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.189 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-189.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
95
date
Tue, 19 May 2020 17:56:27 GMT
x-cdn
akamai
x-edgeconnect-midmile-rtt
88
pragma
no-cache
status
200
x-envoy-upstream-service-time
1
x-pinterest-rid
1173940270187337
pin-unauth
ZTViN2E3MWYtMDIyMS00ODM1LWI5Y2UtMjliZTI4YzU2NGMw
x-edgeconnect-cache-status
0
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
content-type
image/gif
access-control-allow-origin
https://www.headspace.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
content-length
35
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/v3/
35 B
282 B
Image
General
Full URL
https://ct.pinterest.com/v3/?tid=2613695941317&ov=%7B%22np%22%3A%22gtm%22%7D&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.headspace.com%2Fterms-and-conditions%3Futm_source%3Dhs_email%26utm_medium%3Demail%26utm_content%3D88170478%26_hsenc%3Dp2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU%26_hsmi%3D88170478%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22497c546a%22%7D&cb=1589910987495
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.189 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-189.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 May 2020 17:56:27 GMT
x-cdn
akamai
status
200
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
4
content-length
35
x-pinterest-rid
8511843173236350
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/v3/
35 B
527 B
Image
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2613695941317&pd=%7B%22np%22%3A%22gtm%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.headspace.com%2Fterms-and-conditions%3Futm_source%3Dhs_email%26utm_medium%3Demail%26utm_content%3D88170478%26_hsenc%3Dp2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU%26_hsmi%3D88170478%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22497c546a%22%7D&cb=1589910987496
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.189 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-189.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 May 2020 17:56:27 GMT
x-cdn
akamai
status
200
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
5
content-length
35
x-pinterest-rid
9278786085776709
expires
Sat, 01 Jan 2000 00:00:00 GMT
pageview
api2.branch.io/v1/
29 B
361 B
XHR
General
Full URL
https://api2.branch.io/v1/pageview
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2070:7800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty/1.13.6.2 / Express
Resource Hash
c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 19 May 2020 17:56:27 GMT
via
1.1 3f7bd14926d2704d3a00300bdc9dae98.cloudfront.net (CloudFront)
server
openresty/1.13.6.2
x-amz-cf-pop
HAM50-C3
x-powered-by
Express
etag
W/"1d-0Z1F50chJJpy5srE0HvlOYosSzw"
status
200
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-length
29
x-amz-cf-id
kJ-FrmVnH5ZvuuzIi2LuKb-olJfLRgyJO0_otaqhKv-XZ-AAs8OiuA==
events
logx.optimizely.com/v1/
0
362 B
XHR
General
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/_next/static/rqyw2sppT1g1gXXpLYSYc/pages/_app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.64.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-64-227.compute-1.amazonaws.com
Software
nginx/1.17.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 19 May 2020 17:56:28 GMT
Server
nginx/1.17.2
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.headspace.com
Access-Control-Expose-Headers
X-Results-Data-Source
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-Request-Id
b05fce2a-69c1-40ef-8d30-a7efe68d72c2
500.svg
www.headspace.com/static/images/
4 KB
4 KB
Image
General
Full URL
https://www.headspace.com/static/images/500.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
ce9469abf7cf98a17f7c140889c30107b982659148b509ff893780c9a2e6d4b6
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"f73-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
y0WWXyZmcq_5ciqdEQc3rAFR_K7Ja8lgHXVGfXZ6-iyXPoXrtk0p9g==
access-control-allow-credentials
true
app-store.png
www.headspace.com/static/images/
10 KB
12 KB
Image
General
Full URL
https://www.headspace.com/static/images/app-store.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
9d3265c03acb1d15a12d6417747d4e4b6396ffa7bc7ce090a59f0011665548f5
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:28 GMT
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin
content-length
9915
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"26bb-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/png
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
0DQOxMUXClEWMcdacAXBrtWArNVMOj05_3FgrIoL3bAIGt00PSM1xA==
access-control-allow-credentials
true
google-play.png
www.headspace.com/static/images/
13 KB
15 KB
Image
General
Full URL
https://www.headspace.com/static/images/google-play.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
d005cc2f522755e62cec1a06ca5d9b3247e0797c64eca8137509bb172d62e1a5
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:28 GMT
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin
content-length
12953
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"3299-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/png
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
xnvgSGsP_0SPeMIWHsbYxEY4l8oSnH1DYLEaOZY52rI7T5-aCJMUXw==
access-control-allow-credentials
true
app-store.png
www.headspace.com/static/images/
10 KB
12 KB
Image
General
Full URL
https://www.headspace.com/static/images/app-store.png
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/_next/static/chunks/commons.6b0a8655cac3ff2daafc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
9d3265c03acb1d15a12d6417747d4e4b6396ffa7bc7ce090a59f0011665548f5
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:28 GMT
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin
content-length
9915
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"26bb-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/png
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
lBG-RbKA0xETbWF9pOCy04ztm662RpoZOpwg-JSfh_97lqV2EBxelg==
access-control-allow-credentials
true
google-play.png
www.headspace.com/static/images/
13 KB
15 KB
Image
General
Full URL
https://www.headspace.com/static/images/google-play.png
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/_next/static/chunks/commons.6b0a8655cac3ff2daafc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
d005cc2f522755e62cec1a06ca5d9b3247e0797c64eca8137509bb172d62e1a5
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:28 GMT
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin
content-length
12953
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"3299-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/png
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
D6y3HO8uhfF2ru-2vchSTjAZBd-GZ4t2NDqVweyIDvJS7bD52XMeLw==
access-control-allow-credentials
true
500.svg
www.headspace.com/static/images/
4 KB
4 KB
Image
General
Full URL
https://www.headspace.com/static/images/500.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.86 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-86.ham50.r.cloudfront.net
Software
/
Resource Hash
ce9469abf7cf98a17f7c140889c30107b982659148b509ff893780c9a2e6d4b6
Security Headers
Name Value
Content-Security-Policy connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/terms-and-conditions?utm_source=hs_email&utm_medium=email&utm_content=88170478&_hsenc=p2ANqtz-_zw4dY67kfX8a8Gwc_ERMi-EhUgbMcsMvNr6Gcfntdtnhx-IUSTzzsJ1hx28BY7Ow7MMeBdNBrY-EJHDJvaimdaBkX4ivd65EcTCOh09hRA_vRlJU&_hsmi=88170478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 19 May 2020 17:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-C2
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
status
200
vary
Origin, Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 13 May 2020 20:19:35 GMT
x-frame-options
SAMEORIGIN
etag
W/"f73-1720fb143d8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 6c26a6f006166d6418b47ce1f42cffd6.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
content-security-policy
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io api.chilipiper.com api-js.mixpanel.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
ekrb-QhrOOkB79ncvYru4_q9XpEKwqNqt4ahPc-8ceZm3UkqCyWMcg==
access-control-allow-credentials
true

Verdicts & Comments Add Verdict or Comment

120 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| dataLayer undefined| _ object| optimizely object| branch object| __NEXT_DATA__ function| __NEXT_REGISTER_PAGE object| webpackJsonp object| google_tag_manager object| mParticle function| pintrk object| GlobalSnowplowNamespace function| snowplow function| URLparser function| getURL function| lh_new function| createCookie function| readCookie function| updateCookie function| eraseCookie function| appendScript function| appendIframe function| loadPixel function| lbLoad function| lbReload function| loadLogger boolean| isLBLoaded boolean| isTealiumLoaded boolean| isInIFrame boolean| isInDebug object| debugType boolean| isInTest boolean| load_lb boolean| lbLoaded string| lbVersion string| newRandom function| tealium_lbReload string| lbURL string| lbIframeURL string| lbRef string| lbTitle object| lbURLtealium string| lbAccount string| lbURLmod boolean| parentIsPermitted object| ASCurWin object| ASurl object| debugCookie undefined| debugQuery string| tealiumURL string| tealiumProfile string| lbURLEncoded string| lbRefEncoded string| lbTitleEncoded string| lbProtocol string| lbHost string| lbRef_host string| lbPath string| lbQuery string| lbAnchor object| hostParts string| lb_url string| lbValue object| lb_val_temp string| lbTrans string| lbData boolean| lbExtRef string| refMedium string| refSource string| refContent string| refTerm string| refCampaign string| refKeyword string| refType string| refEngine string| refAction string| lb_block_list object| lb_block_domain string| tealium_account string| lbRegion string| lb_tag_url string| tealium_host string| tealium_top_level string| tealium_url object| newScript object| scriptElement object| mpGoogleAnalyticsKit object| mpAmplitudeKit object| mpOptimizelyKit object| regeneratorRuntime string| PAGE string| VALUE string| USERTIMING string| HITTYPE boolean| isTesting string| GoogleAnalyticsObject function| ga object| amplitude object| criteo_q boolean| x_axis_condload undefined| x_axis object| Snowplow object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| _profile object| x_axis_data object| _qevents object| _mTrack object| _oiqq object| versaTag object| fb_param object| __core-js_shared__ function| setImmediate function| clearImmediate object| __SENTRY__ object| next object| __NEXT_REDUX_STORE__

15 Cookies

Domain/Path Name / Value
.tiqcdn.com/ Name: x_axis_main
Value: v_id:01722e1462a20020130172db9a4800071024706900b08$_sn:1$_se:1$_ss:1$_st:1589912787428$ses_id:1589910987428%3Bexp-session$_pn:1%3Bexp-session
.headspace.com/ Name: countryCode
Value: NL
.headspace.com/ Name: _sp_ses.8a05
Value: *
www.headspace.com/ Name: AWSALBCORS
Value: nXcmzBhQ2wYpTFWgw3qMqp+8VHsT3mQKWdJsdC2x6zXgeouXXmudWbAlRNQfparxOdRyn1ALrVJ7tT4by0S8OpwZBZbpvesEjWG0v31iJVRVwULA5+JQvQqb26Kw
.headspace.com/ Name: amplitude_id_2c0e8b630e65ea00889d07e47d2bb68d_testheadspace.com
Value: eyJkZXZpY2VJZCI6IjJkMjQ5YTY3LWYwYzYtNDg5MS1hNDlkLWI3YWRlODhkYzRkMlIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTU4OTkxMDk4NzM2NSwibGFzdEV2ZW50VGltZSI6MTU4OTkxMDk4NzM2MCwiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MSwic2VxdWVuY2VOdW1iZXIiOjF9
.headspace.com/ Name: cookiePolicyMarketing
Value: not-set
.headspace.com/ Name: mprtcl-v4_B0C8D5EC
Value: {'gs':{'ie':1|'dt':'580aa567c0d972439cf41d95730011ed'|'cgid':'cbaaf67f-110a-45a0-8398-9525d55de3ab'|'das':'60afbc18-9af6-43a1-878d-dac980397cae'|'csm':'WyI1NzMzNzYxOTE4MjUwOTY1MzQyIl0='|'sid':'989A2563-DA98-4BA2-AD9A-019252D31207'|'les':1589910987092|'ssd':1589910987090}|'l':0|'5733761918250965342':{'fst':1589910987319}|'cu':'5733761918250965342'}
www.headspace.com/ Name: AWSALB
Value: nXcmzBhQ2wYpTFWgw3qMqp+8VHsT3mQKWdJsdC2x6zXgeouXXmudWbAlRNQfparxOdRyn1ALrVJ7tT4by0S8OpwZBZbpvesEjWG0v31iJVRVwULA5+JQvQqb26Kw
.headspace.com/ Name: optimizelyEndUserId
Value: oeu1589910986874r0.6225405233677763
.headspace.com/ Name: _sp_id.8a05
Value: 8f840819-d8d3-4d1a-af5c-728eae1675e7.1589910986.1.1589910987.1589910986.ec66a3e5-d57b-4fee-a8a9-6fef31802d56
.headspace.com/ Name: _pin_unauth
Value: ZTViN2E3MWYtMDIyMS00ODM1LWI5Y2UtMjliZTI4YzU2NGMw
.headspace.com/ Name: cookiePolicyAnalytics
Value: not-set
.headspace.com/ Name: _gid
Value: GA1.2.70024162.1589910987
.headspace.com/ Name: _ga
Value: GA1.2.183624062.1589910987
.headspace.com/ Name: lang
Value: en

6 Console Messages

Source Level URL
Text
console-api debug URL: https://get.headspace.com/e2t/c/*W7NGvQR2brt41VQqm8s6P2cBd0/*W5lnbKD7vrqfSW65CcTc7bbrpY0/5/f18dQhb0Sjvm8XJ8n0N8L4s_THyjJqMQBpmsd7tfRN3hHh9fVMsQMVnQ9Qq8--HBkW8ZPQgZ32RQfMW5nJfZH8Wm1shW30TSjL4h0dh8W4g0ZBy309LD8W8Xl6TD2MznrNW567bYV5lKvt_N5420y5JVPYMVVVW1H32p-C3W4cMfVr3KgDYcN31H380bMJH8W6b-vF067h1zcMQC5z2PC2cVW7flF5J6068q5W3PwWb-1kLr2rW1svrw8964Vn6W3MgYBJ95BWvLW5wVDBZ6NkBnNW5tfWXK3JYx6KW4WrYb835VnzyW3LWLmc231zyyW5y7qK663_5H4W24D_Qd6QYCdjW4pXFql8r4QMTW3JR-XT5wdVd5W6QhGyq9b22nMW3Lhvkj5w-Zx-W4VqR8W5HFpXvN1Pxphk2FmnvVrX3l16VzKpqW7HH42f95R_7wW4vvcz97dDs_8W6bnQYS5Cc1-xW5ddPsj7mt3V-W4gPy4D8Zn8Y1W4dhn2D3t2HrWW8ywkjB3P-pkHW85-n745kj_cfMdSQk91_Q0kf1NjY6v11(Line 13)
Message:
toS
console-api log URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x(Line 1593)
Message:
GTM PTag v1.2; tagId: 2613695941317
console-api log URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x(Line 1593)
Message:
Firing Pinterest event: pagevisit
console-api log URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x(Line 1593)
Message:
Event Data:
console-api log URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x(Line 1593)
Message:
[object Object]
console-api error URL: https://www.headspace.com/_next/static/rqyw2sppT1g1gXXpLYSYc/pages/_app.js(Line 24)
Message:
[object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a11673470095.cdn.optimizely.com
api.amplitude.com
api2.branch.io
app.link
cdn-akamai.mookie1.com
cdn.amplitude.com
cdn.branch.io
cdn.optimizely.com
cdn.polyfill.io
cdnjs.cloudflare.com
ct.pinterest.com
d1fc8wv8zag5ca.cloudfront.net
get.headspace.com
identity.mparticle.com
jssdkcdns.mparticle.com
jssdks.mparticle.com
logx.optimizely.com
s.pinimg.com
static.criteo.net
static.headspace.com
tags.tiqcdn.com
www.google-analytics.com
www.googletagmanager.com
www.headspace.com
152.199.23.241
23.210.248.189
23.42.16.219
23.45.99.37
2600:9000:2070:7800:11:f728:3040:93a1
2600:9000:2070:c000:19:9934:6a80:93a1
2606:4700::6810:85e5
2606:4700::6811:79b4
2a00:1450:4001:81d::2008
2a00:1450:4001:81d::200e
2a02:2638:1::3
2a02:26f0:6c00:284::13b8
2a02:26f0:6c00:294::1931
2a04:4e42:1b::645
2a04:4e42:200::645
2a04:4e42:3::621
2a04:4e42:600::645
52.222.190.114
52.222.190.49
52.222.190.86
52.55.64.227
54.230.182.187
54.230.182.7
54.70.66.36
1814b26be6374891fe3ebd2dc02797861ceca8c7836c6c037e06a35e94780e9b
2607cd9aff4fe580c54fca06df7eb678e4eddb5e96a04f7a9e40faf50e0d3ccc
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
31ae141d8859a9f1b78def6a754ef263abee60284dea31b840e7d45f3a5318e6
379090e9be167f3d4ada299b739f43067ea015807f6bc31a3c18b0b877aa986a
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
38086780da1ae241464c5c6c6797e7625057d352c4de31c56017aaa67a56a8d7
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
513ec264d0d9bcb4883b5fc9c3d5660aff4364f2f56b50bfc78add86d707a199
517707945ff392cd1ae6b91d1b411d3a4218bbb31d8429798a7374359977f2d4
56e81c364da2cf5172aa095f02558ee2f440585d21cbe8d6746a0e473c0c8e2c
5cfd7a812a15d3765357ffb2a9b187008c34aff5b77556ba032de395f437ba40
67f9544afd856cd9e5c20eb98be05c3a4203de9ef9e48123645388213b4461ac
6a60018cab3d38d035188490d869d5dc1283a7dd115917226df457ca92887f7f
6a66bf2110b9409a61c2c0b40c95991dd78f5cc34d8c4429785b3501841cb54a
6ce0af26a33dbf8034a0f13214bff3065273f56b42c341a81b18bbd72e9ae976
7810bbcff2a1e41e7b348d30a5f6d1574d7530cf94ea9b12d6d1e5d847178e19
8174ef6dde1f88760c8b86d737eaad0ba4700ec0ba273c19ab94eba66922d460
88a83d6555af69a761e9d9c92ec7b587a1de45c95e4365ab8ef3d0abeb823ff0
924acd657cae6f477285200745384e2e891a8ddb165b87a725af69dd4aad65b3
9b154c614752acfcba108c51c9540acd198d9a673563d013eb0b481e5fa70b60
9d3265c03acb1d15a12d6417747d4e4b6396ffa7bc7ce090a59f0011665548f5
9f9084a28e172e3f95d5e7529eeef13f393d472d519dc4748d7f7089339c0ddc
a09bdb333bae465de4250fe824f3e1142cb07e22ab746e63f7f7ef999653e8ff
a34c19524cc510c06cab6bb21fc8d6974e13203ff1727626d137a73f88cb2e41
a82c8493d477e2ef23955dcc9e1a0dcd9553dc7fa954040c0b31b3f168502a5e
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b5d18443c635b7a16ef48219eb5f507cbc1331e1543c3bbc317cf2f26f47e8c0
becaacd484e24beb84e74eefd4926847a13f11f66ab42ebbcfd2ff8a2f296259
c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa
c5a6611959ec6019bff42082fdea52f51798ff3bd70fb0f124a07ae542252064
cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
ce9469abf7cf98a17f7c140889c30107b982659148b509ff893780c9a2e6d4b6
d005cc2f522755e62cec1a06ca5d9b3247e0797c64eca8137509bb172d62e1a5
d89b63406de97fcad69446cdc0456ec7f3132d5aa946a83f41089d8971e5267a
da4fae0ee0fcb340c3d5944c2916e04b610c1b27bf569218fd8b9004d5cac504
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e918a3fcb44e725952c49774404f5564c0e5bf79fe03fdd78ec2034561153672
ed701b7b3e481a10fba82b402a62c68e275d4a098c3518df7747961ec1115744
ffedbc3bb69866027705be1b0d108d7a89ccff90f1a8ee41618dac21e79473e6