urlscan.io logo urlscan.io
SecurityTrails logo

bonus.ly Open in urlscan Pro
2606:4700:4400::ac40:987a  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc?utm_source=bonus.ly&utm_medium=email&utm_campaig...
Effective URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Submission: On July 24 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 32 IPs in 4 countries across 33 domains to perform 56 HTTP transactions. The main IP is 2606:4700:4400::ac40:987a, located in United States and belongs to CLOUDFLARENET, US. The main domain is bonus.ly. The Cisco Umbrella rank of the primary domain is 79944.
TLS certificate: Issued by GTS CA 1P5 on June 5th 2023. Valid for: 3 months.
This is the only time bonus.ly was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 9 2606:4700:440... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4de0:ac1... 20446 (STACKPATH...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 35.201.112.186 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:310... 20940 (AKAMAI-ASN1)
1 146.75.116.157 54113 (FASTLY)
1 108.139.243.30 ()
1 2a00:1450:400... 15169 (GOOGLE)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 2600:9000:211... 16509 (AMAZON-02)
2 216.24.57.3 397273 (RENDER)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.197 13414 (TWITTER)
1 104.244.42.3 13414 (TWITTER)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
1 108.139.243.67 ()
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a03:2880:f17... 32934 (FACEBOOK)
1 2606:4700::68... 13335 (CLOUDFLAR...)
56 32
9    2606:4700:4400::ac40:987a (United States)

ASN13335 (CLOUDFLARENET, US)
bonus.ly
recognition-production-cdn-aws.bonus.ly
1    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)
code.jquery.com
1    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
2    2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com
edge.fullstory.com
1    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a02:26f0:3100::1735:28d9 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
1    146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    108.139.243.30 (United States)

ASN- ()
PTR: server-108-139-243-30.mxp63.r.cloudfront.net
static.hotjar.com
1    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
2    2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2600:9000:2113:6200:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)
tag.clearbitscripts.com
2    216.24.57.3 (United States)

ASN397273 (RENDER, US)
grow.clearbitjs.com
1    2606:4700::6812:873b (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-scripts.com
2    2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    104.244.42.197 (United States)

ASN13414 (TWITTER, US)
t.co
1    104.244.42.3 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
2    2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    108.139.243.67 (United States)

ASN- ()
PTR: server-108-139-243-67.mxp63.r.cloudfront.net
script.hotjar.com
1    2606:4700::6811:836e (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsleadflows.net
1    2606:4700::6810:8ace (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
1    2606:4700::6810:77be (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsadspixel.net
1    2606:4700::6812:19c4 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
2    2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)
track.hubspot.com
Apex Domain
Subdomains		 Transfer
9 bonus.ly
bonus.ly — Cisco Umbrella Rank: 79944
recognition-production-cdn-aws.bonus.ly — Cisco Umbrella Rank: 176921
135 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 5791
669 B
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 382
13 KB
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 56
stats.g.doubleclick.net — Cisco Umbrella Rank: 120
2 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 109
216 B
2 google.com
www.google.com — Cisco Umbrella Rank: 3
562 B
2 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 385
px4.ads.linkedin.com — Cisco Umbrella Rank: 5986
1 KB
2 clearbitjs.com
grow.clearbitjs.com — Cisco Umbrella Rank: 29150
1 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 166
155 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 741
script.hotjar.com — Cisco Umbrella Rank: 932
74 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 59
21 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 73
180 KB
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 425
fonts.googleapis.com — Cisco Umbrella Rank: 82
9 KB
1 hubspot.com
track.hubspot.com — Cisco Umbrella Rank: 2249
1 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2177
17 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3298
3 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2171
22 KB
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 4311
86 KB
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 678
394 B
1 t.co
t.co — Cisco Umbrella Rank: 518
376 B
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2481
1 KB
1 clearbitscripts.com
tag.clearbitscripts.com — Cisco Umbrella Rank: 13313
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 711
15 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 701
5 KB
1 gstatic.com
fonts.gstatic.com
48 KB
1 fullstory.com
edge.fullstory.com — Cisco Umbrella Rank: 2136
rs.fullstory.com Failed
68 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1187
7 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 724
30 KB
0 oribi.io Failed
cdn.linkedin.oribi.io Failed
0 zoominfo.com Failed
ws.zoominfo.com Failed
0 g2crowd.com Failed
tracking.g2crowd.com Failed
0 salesloft.com Failed
scout-cdn.salesloft.com Failed
0 googleoptimize.com Failed
www.googleoptimize.com Failed
56 33
Domain Requested by
7 bonus.ly 2 redirects bonus.ly
static.cloudflareinsights.com
3 www.google.de bonus.ly
3 bat.bing.com www.googletagmanager.com
bat.bing.com
bonus.ly
2 www.facebook.com bonus.ly
2 www.google.com bonus.ly
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 grow.clearbitjs.com bonus.ly
2 connect.facebook.net bonus.ly
connect.facebook.net
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.googletagmanager.com bonus.ly
www.googletagmanager.com
2 recognition-production-cdn-aws.bonus.ly
1 track.hubspot.com
1 js.hs-banner.com js.hs-scripts.com
js.hs-banner.com
1 js.hsadspixel.net js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 js.hsleadflows.net js.hs-scripts.com
1 script.hotjar.com static.hotjar.com
1 px4.ads.linkedin.com bonus.ly
1 px.ads.linkedin.com 1 redirects
1 analytics.twitter.com bonus.ly
1 t.co bonus.ly
1 js.hs-scripts.com www.googletagmanager.com
1 tag.clearbitscripts.com www.googletagmanager.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 static.hotjar.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 fonts.gstatic.com fonts.googleapis.com
1 edge.fullstory.com bonus.ly
edge.fullstory.com
1 static.cloudflareinsights.com bonus.ly
1 fonts.googleapis.com bonus.ly
1 code.jquery.com
1 ajax.googleapis.com
0 cdn.linkedin.oribi.io Failed snap.licdn.com
0 ws.zoominfo.com Failed bonus.ly
0 tracking.g2crowd.com Failed bonus.ly
0 scout-cdn.salesloft.com Failed bonus.ly
0 www.googleoptimize.com Failed www.googletagmanager.com
0 rs.fullstory.com Failed edge.fullstory.com
56 39

This site contains no links.

Subject Issuer Validity Valid
bonus.ly
GTS CA 1P5		 2023-06-05 -
2023-09-03		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-07-03 -
2023-09-25		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-04-10 -
2024-04-09		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-07-03 -
2023-09-25		 3 months crt.sh
edge.fullstory.com
GTS CA 1D4		 2023-07-23 -
2023-10-21		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-07-03 -
2023-09-25		 3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2023-02-01 -
2024-01-31		 a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-22 -
2023-08-22		 a year crt.sh
*.hotjar.com
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-07-03 -
2023-09-25		 3 months crt.sh
www.bing.com
Microsoft RSA TLS CA 02		 2023-02-16 -
2023-08-16		 6 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-05-03 -
2023-08-01		 3 months crt.sh
clearbitscripts.com
Amazon RSA 2048 M01		 2023-06-11 -
2024-07-09		 a year crt.sh
grow.clearbitjs.com
R3		 2023-05-29 -
2023-08-27		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-07-03 -
2023-09-25		 3 months crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-07-03 -
2023-09-25		 3 months crt.sh
hubspot.com
Cloudflare Inc ECC CA-3		 2023-02-05 -
2024-02-05		 a year crt.sh

This page contains 2 frames:

Primary Page: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Frame ID: C1379B371581DE2752C46D90AAC93EC3
Requests: 54 HTTP requests in this frame

Frame: https://bonus.ly/cdn-cgi/challenge-platform/h/b/scripts/jsd/e6489737/invisible.js
Frame ID: EF8300D470FC0D89E1F5F9944030CD1A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bonusly - Reimagine Employee Recognition

Page URL History Show full URLs

  1. https://bonus.ly/user/email_preferences/64be598d83621000210255cc?utm_source=bonus.ly&utm_medi... HTTP 302
    https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

56
Requests

82 %
HTTPS

75 %
IPv6

33
Domains

39
Subdomains

32
IPs

4
Countries

892 kB
Transfer

3411 kB
Size

25
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bonus.ly/user/email_preferences/64be598d83621000210255cc?utm_source=bonus.ly&utm_medium=email&utm_campaign=unknown HTTP 302
    https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://bonus.ly/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
  • https://bonus.ly/cdn-cgi/challenge-platform/h/b/scripts/jsd/e6489737/invisible.js
Request Chain 38
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=414777&time=1690221862886&url=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=414777&time=1690221862886&url=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&e_ipv6=AQK-_1cIhatQegAAAYmJEuC3VwpUzDMx7XE5bNP9eqpB8wGTACdBoMlxifoD22aETrCloSQ

56 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request edit
bonus.ly/user/email_preferences/64be598d83621000210255cc/
Redirect Chain
  • https://bonus.ly/user/email_preferences/64be598d83621000210255cc?utm_source=bonus.ly&utm_medium=email&utm_campaign=unknown
  • https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
31 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:987a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15d142ad66a6bfd0be19193ded15d862cd6b6c5b435ad0dfae6c267e37285ca1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com *.jquery.com recognition-production-cdn-aws.bonus.ly *.bootstrapcdn.com script.hotjar.com surveys-static.survicate.com; img-src * data: blob:; object-src 'self' recognition-production-cdn-aws.bonus.ly; script-src 'self' 'unsafe-inline' connect.facebook.net graph.facebook.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsforms.net js.usemessages.com forms.hsforms.com js.hsleadflows.net js.chilipiper.com *.chilipiper.com *.hsadspixel.net recognition-production-cdn-aws.bonus.ly *.bnsly.co *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.intercom.io *.intercomcdn.com *.jquery.com *.linkedin.com *.stripe.com *.twimg.com *.twitter.com zapier.com static.ads-twitter.com hotjar.com *.hotjar.com www.instagram.com *.licdn.com *.clearbit.com *.clearbitjs.com *.clearbitscripts.com js.hs-banner.com bat.bing.com ct.capterra.com *.vimeo.com js.chargebee.com *.intellimize.com *.intellimize.co *.intellimizeio.com mfe.bonus.ly data-component-library.bonus.ly data-component-library-staging.bonusly.dev datalayerapi-staging.bonusly.dev datalayerapi.bonusly.dev bonus.ly/api/ums edge.fullstory.com cdn.merge.dev cdn.amplitude.com *.trybento.co static.cloudflareinsights.com survey.survicate.com surveys-static.survicate.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bonus.ly *.google.com js.chilipiper.com *.chilipiper.com js.chargebee.com *.jquery.com zapier.com bonus.ly/api/ums surveys-static.survicate.com; connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com; frame-ancestors 'self' *.bonus.ly *.bonusly.dev *.screencloud.com *.screen.cloud *.screencloudapps.com *.next.sc http://localhost:* staffspace.oma.org http://10.0.0.4:* *.sharepoint.com *.it1.be dashboard.skilljar.com app.resplendentdata.com *.jancare.com *.valotalive.com *.valota.live http://swr-apps-v:* https://aceandcompany.intranet.digital *.kaufmanrossin.com; frame-src 'self' fast.wistia.net js.stripe.com share.intercom.io bonus.ly *.bonus.ly *.bonusly.dev *.hubspot.com *.doubleclick.net *.google.com *.twitter.com *.vimeo.com *.hsforms.com *.youtube.com www.instagram.com *.hotjar.com api.intellimize.co js.chilipiper.com *.chilipiper.com my.pima.app bonusly.chargebee.com bonusly-test.chargebee.com js.chargebee.com *.intellimizeio.com intercom-sheets.com cdn.merge.dev *.trybento.co; media-src js.intercomcdn.com media.tenor.com *.bonus.ly *.bonusly.dev
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7ebe15cb7d3c1bc3-FRA
content-encoding
br
content-security-policy
default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com *.jquery.com recognition-production-cdn-aws.bonus.ly *.bootstrapcdn.com script.hotjar.com surveys-static.survicate.com; img-src * data: blob:; object-src 'self' recognition-production-cdn-aws.bonus.ly; script-src 'self' 'unsafe-inline' connect.facebook.net graph.facebook.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsforms.net js.usemessages.com forms.hsforms.com js.hsleadflows.net js.chilipiper.com *.chilipiper.com *.hsadspixel.net recognition-production-cdn-aws.bonus.ly *.bnsly.co *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.intercom.io *.intercomcdn.com *.jquery.com *.linkedin.com *.stripe.com *.twimg.com *.twitter.com zapier.com static.ads-twitter.com hotjar.com *.hotjar.com www.instagram.com *.licdn.com *.clearbit.com *.clearbitjs.com *.clearbitscripts.com js.hs-banner.com bat.bing.com ct.capterra.com *.vimeo.com js.chargebee.com *.intellimize.com *.intellimize.co *.intellimizeio.com mfe.bonus.ly data-component-library.bonus.ly data-component-library-staging.bonusly.dev datalayerapi-staging.bonusly.dev datalayerapi.bonusly.dev bonus.ly/api/ums edge.fullstory.com cdn.merge.dev cdn.amplitude.com *.trybento.co static.cloudflareinsights.com survey.survicate.com surveys-static.survicate.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bonus.ly *.google.com js.chilipiper.com *.chilipiper.com js.chargebee.com *.jquery.com zapier.com bonus.ly/api/ums surveys-static.survicate.com; connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com; frame-ancestors 'self' *.bonus.ly *.bonusly.dev *.screencloud.com *.screen.cloud *.screencloudapps.com *.next.sc http://localhost:* staffspace.oma.org http://10.0.0.4:* *.sharepoint.com *.it1.be dashboard.skilljar.com app.resplendentdata.com *.jancare.com *.valotalive.com *.valota.live http://swr-apps-v:* https://aceandcompany.intranet.digital *.kaufmanrossin.com; frame-src 'self' fast.wistia.net js.stripe.com share.intercom.io bonus.ly *.bonus.ly *.bonusly.dev *.hubspot.com *.doubleclick.net *.google.com *.twitter.com *.vimeo.com *.hsforms.com *.youtube.com www.instagram.com *.hotjar.com api.intellimize.co js.chilipiper.com *.chilipiper.com my.pima.app bonusly.chargebee.com bonusly-test.chargebee.com js.chargebee.com *.intellimizeio.com intercom-sheets.com cdn.merge.dev *.trybento.co; media-src js.intercomcdn.com media.tenor.com *.bonus.ly *.bonusly.dev
content-type
text/html; charset=utf-8
date
Mon, 24 Jul 2023 18:04:21 GMT
expect-ct
max-age=86400, enforce
link
<https://recognition-production-cdn-aws.bonus.ly/assets/lib/emojione.sprites-8638750142717a73b47d5f8ac1e710ec2dc15a7e603faca7b55e885f86c1402a.css>; rel=preload; as=style; nopush,<https://recognition-production-cdn-aws.bonus.ly/assets/application-8e5bf6ef5b2b7756e53654413e8947421f1f88a765f106066c52ad63c4668655.css>; rel=preload; as=style; nopush,<//ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.min.css>; rel=preload; as=style; nopush,<//code.jquery.com/jquery-3.6.0.min.js>; rel=preload; as=script; crossorigin=anonymous; integrity=sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=; nopush
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
x-download-options
noopen
x-envoy-upstream-service-time
106
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
582ecd32-ea97-458f-838a-60232f0ef38c
x-runtime
0.103802
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
7ebe15ca6bd01bc3-FRA
content-security-policy
default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com *.jquery.com recognition-production-cdn-aws.bonus.ly *.bootstrapcdn.com script.hotjar.com surveys-static.survicate.com; img-src * data: blob:; object-src 'self' recognition-production-cdn-aws.bonus.ly; script-src 'self' 'unsafe-inline' connect.facebook.net graph.facebook.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsforms.net js.usemessages.com forms.hsforms.com js.hsleadflows.net js.chilipiper.com *.chilipiper.com *.hsadspixel.net recognition-production-cdn-aws.bonus.ly *.bnsly.co *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.intercom.io *.intercomcdn.com *.jquery.com *.linkedin.com *.stripe.com *.twimg.com *.twitter.com zapier.com static.ads-twitter.com hotjar.com *.hotjar.com www.instagram.com *.licdn.com *.clearbit.com *.clearbitjs.com *.clearbitscripts.com js.hs-banner.com bat.bing.com ct.capterra.com *.vimeo.com js.chargebee.com *.intellimize.com *.intellimize.co *.intellimizeio.com mfe.bonus.ly data-component-library.bonus.ly data-component-library-staging.bonusly.dev datalayerapi-staging.bonusly.dev datalayerapi.bonusly.dev bonus.ly/api/ums edge.fullstory.com cdn.merge.dev cdn.amplitude.com *.trybento.co static.cloudflareinsights.com survey.survicate.com surveys-static.survicate.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bonus.ly *.google.com js.chilipiper.com *.chilipiper.com js.chargebee.com *.jquery.com zapier.com bonus.ly/api/ums surveys-static.survicate.com; connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com; frame-ancestors 'self' *.bonus.ly *.bonusly.dev *.screencloud.com *.screen.cloud *.screencloudapps.com *.next.sc http://localhost:* staffspace.oma.org http://10.0.0.4:* *.sharepoint.com *.it1.be dashboard.skilljar.com app.resplendentdata.com *.jancare.com *.valotalive.com *.valota.live http://swr-apps-v:* https://aceandcompany.intranet.digital *.kaufmanrossin.com; frame-src 'self' fast.wistia.net js.stripe.com share.intercom.io bonus.ly *.bonus.ly *.bonusly.dev *.hubspot.com *.doubleclick.net *.google.com *.twitter.com *.vimeo.com *.hsforms.com *.youtube.com www.instagram.com *.hotjar.com api.intellimize.co js.chilipiper.com *.chilipiper.com my.pima.app bonusly.chargebee.com bonusly-test.chargebee.com js.chargebee.com *.intellimizeio.com intercom-sheets.com cdn.merge.dev *.trybento.co; media-src js.intercomcdn.com media.tenor.com *.bonus.ly *.bonusly.dev
content-type
text/html; charset=utf-8
date
Mon, 24 Jul 2023 18:04:21 GMT
expect-ct
max-age=86400, enforce
location
https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
x-download-options
noopen
x-envoy-upstream-service-time
11
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
c8e13140-ff66-4de8-b8fc-392e37f99ba9
x-runtime
0.009376
x-xss-protection
1; mode=block
emojione.sprites-8638750142717a73b47d5f8ac1e710ec2dc15a7e603faca7b55e885f86c1402a.css
recognition-production-cdn-aws.bonus.ly/assets/lib/ 		154 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://recognition-production-cdn-aws.bonus.ly/assets/lib/emojione.sprites-8638750142717a73b47d5f8ac1e710ec2dc15a7e603faca7b55e885f86c1402a.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:987a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61b356eebaefd79960aeb0e201ecc895ab277c85db03e46ed553a3d68107b338
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:21 GMT
via
1.1 89e34e3fd814f1393ef77867b93dd12e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-version-id
mmNj3zyO6_qIk1yePVcVvCv9hoLZk79m
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P4
age
352373
cf-polished
origSize=157707
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Thu, 22 Jun 2023 17:20:52 GMT
server
cloudflare
etag
W/"9d5dcefa79c7cc9530465e131c46f180"
expect-ct
max-age=86400, enforce
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=31557600
cf-ray
7ebe15cd58241bc3-FRA
x-amz-cf-id
Q6wBMAs2vkJ6DcHKl0mNmAju8RVlguSnm9f_zv03rxFB-_2R1oDsHQ==
expires
Fri, 21 Jun 2024 23:20:51 GMT
application-8e5bf6ef5b2b7756e53654413e8947421f1f88a765f106066c52ad63c4668655.css
recognition-production-cdn-aws.bonus.ly/assets/ 		529 KB
97 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://recognition-production-cdn-aws.bonus.ly/assets/application-8e5bf6ef5b2b7756e53654413e8947421f1f88a765f106066c52ad63c4668655.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:987a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2a56ad649773918a08946891c16fa59289279e16c199ebb07a8ca8be4b7ef7e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:21 GMT
via
1.1 5519a8cb450b567e8b7111ae986a9b4c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-version-id
R1pLEu6tHoKS.eUfwhFmwOJHCIIeLLQ7
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P4
age
352373
cf-polished
origSize=544791
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
minify
last-modified
Tue, 18 Jul 2023 20:36:06 GMT
server
cloudflare
etag
W/"665003585335ae51eca1ce8aa43793c6"
expect-ct
max-age=86400, enforce
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=31557600
cf-ray
7ebe15cd58271bc3-FRA
x-amz-cf-id
UtGyrxKlXoc672eY7PGBLCoYqTR_f_ia44_ax5c6LxQfUe1dtTxQjg==
expires
Thu, 18 Jul 2024 02:36:05 GMT
jquery-ui.min.css
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/ 		31 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
be92933b839bd4ce1b67c440bd9bd832d8a7333d578c7d1061d00edbceb557d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 09:35:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30558
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7645
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 23 Jul 2024 09:35:04 GMT
jquery-3.6.0.min.js
code.jquery.com/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
Origin
https://bonus.ly
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-15d9d"
vary
Accept-Encoding
x-hw
1690221862.dop202.fr8.t,1690221862.cds256.fr8.hn,1690221862.cds144.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30875
css
fonts.googleapis.com/ 		22 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic,700,700italic,800,800italic
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1d90d8acaf8e945cbe6301f571086a38f216bd9c161fa975fea3c75b6f8d3662
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 24 Jul 2023 18:04:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 24 Jul 2023 18:04:22 GMT
email-decode.min.js
bonus.ly/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
906 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bonus.ly/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:987a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:21 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Tue, 18 Jul 2023 17:37:51 GMT
server
cloudflare
content-encoding
gzip
etag
W/"64b6cdef-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
7ebe15cd39005bf1-FRA
expires
Wed, 26 Jul 2023 18:04:21 GMT
v2cb3a2ab87c5498db5ce7e6608cf55231689030342039
static.cloudflareinsights.com/beacon.min.js/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af780e357234ceb6feec085a9a31f46834c88c4d3852d79050ad9dc3658a3a67

Request headers

Referer
Origin
https://bonus.ly
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
gzip
last-modified
Thu, 20 Jul 2023 18:10:27 GMT
server
cloudflare
etag
W/"2023.7.0"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
7ebe15cedf559237-FRA
gtm.js
www.googletagmanager.com/ 		308 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d5eca8665d8bec2b41413bbf0417157216485c8ad3f514d8fede895967eaba2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
99048
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 24 Jul 2023 18:04:22 GMT
fs.js
edge.fullstory.com/s/ 		247 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
005b5900b7c883605a51064c4d229f497c8ba63718c411f74a071316b33d2e1f

Request headers

Referer
Origin
https://bonus.ly
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 17:17:02 GMT
content-encoding
br
age
2840
x-guploader-uploadid
ADPycds2MPii76OBjQRRwcsHdtdHP8W0cAfBSoUPjpt_eOquIsMS6oK7D7XDiY0casVRdYBg2XjvR6uMoQpAW6240dAhBTYb5k-R
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68503
last-modified
Mon, 24 Jul 2023 14:15:49 GMT
server
UploadServer
etag
"c431892ce89bbd56f16f65946a7f758f"
vary
Accept-Encoding
x-goog-generation
1690208148944639
x-goog-hash
crc32c=2Iq53w==, md5=xDGJLOibvVbxb2WUan91jw==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
68503
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 24 Jul 2023 18:17:02 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic,700,700italic,800,800italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bonus.ly
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Sat, 22 Jul 2023 05:45:28 GMT
x-content-type-options
nosniff
age
217134
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48412
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:08:53 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Jul 2024 05:45:28 GMT
invisible.js
bonus.ly/cdn-cgi/challenge-platform/h/b/scripts/jsd/e6489737/ Frame EF83
Redirect Chain
  • https://bonus.ly/cdn-cgi/challenge-platform/scripts/invisible.js
  • https://bonus.ly/cdn-cgi/challenge-platform/h/b/scripts/jsd/e6489737/invisible.js
7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bonus.ly/cdn-cgi/challenge-platform/h/b/scripts/jsd/e6489737/invisible.js
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H3
Server
2606:4700:4400::ac40:987a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a67a4e0535a8b69ba494c982b398233b5f9616fe5bd1b71f56de0ddc8a3c30e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
referrer-policy
same-origin
x-content-type-options
nosniff
content-encoding
br
server
cloudflare
expect-ct
max-age=86400, enforce
vary
accept-encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
7ebe15cfabf75bf1-FRA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block

Redirect headers

date
Mon, 24 Jul 2023 18:04:22 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
referrer-policy
same-origin
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=86400, enforce
vary
accept-encoding
x-frame-options
SAMEORIGIN
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/e6489737/invisible.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
7ebe15cf5bab5bf1-FRA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
web
edge.fullstory.com/s/settings/MBRJG/v1/ 		0
0
web
rs.fullstory.com/s/settings/MBRJG/v1/ 		0
0
7ebe15cb7d3c1bc3
bonus.ly/cdn-cgi/challenge-platform/h/b/cv/result/ Frame EF83 		0
337 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bonus.ly/cdn-cgi/challenge-platform/h/b/cv/result/7ebe15cb7d3c1bc3
Requested by
Host: bonus.ly
URL: https://bonus.ly/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:987a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
referrer-policy
same-origin
x-content-type-options
nosniff
content-encoding
br
server
cloudflare
expect-ct
max-age=86400, enforce
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
cf-ray
7ebe15d0fd585bf1-FRA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
optimize.js
www.googleoptimize.com/ 		0
0
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 24 Jul 2023 16:35:19 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
5343
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 24 Jul 2023 18:35:19 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:28d9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 24 Jul 2023 09:07:54 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=54204
accept-ranges
bytes
content-length
4862
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 16:56:53 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-eddf8230041-FRA
hotjar-1260982.js
static.hotjar.com/c/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-1260982.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.243.30 , United States, ASN (),
Reverse DNS
server-108-139-243-30.mxp63.r.cloudfront.net
Software
/
Resource Hash
e534cfc213cdc6466ef991b49dfb48e6a0f7d934d1ed031b925733e2ab0994f1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 fbd0ff69760f3a4dd26b4ffb73d9ba5c.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP63-P3
etag
W/b328151c542618ae66f81312ca7f225a
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
goop56jhQQE3bRV6-_jU08VdBJXnX17XpxDlsj20xojVhrs1rKKYpg==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/991155754/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/991155754/?random=1690221862560&cv=11&fst=1690221862560&bg=ffffff&guid=ON&async=1&gtm=45He37j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&hn=www.googleadservices.com&frm=0&tiba=Bonusly%20-%20Reimagine%20Employee%20Recognition&auid=107045567.1690221863&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
31203beb2df10065aa42dee6f38d11768abda507ed6435fc7c72ec95c64bf9c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1349
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bat.js
bat.bing.com/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
62ed4d49c5a79b0aff17f47c74efc7958d70987d9350e746c0342755587dd3df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Mon, 24 Jul 2023 18:04:22 GMT
last-modified
Mon, 17 Jul 2023 22:20:48 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 8DDFDF0378C04EE7B13B5B5CD6243E34 Ref B: FRA31EDGE0611 Ref C: 2023-07-24T18:04:22Z
etag
"060e2effcb8d91:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
12442
fbevents.js
connect.facebook.net/en_US/ 		171 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5facf3ca997fd8a7658579d40b8bc44a659e12df5b45b2f1f1713f987b86366c
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 24 Jul 2023 18:04:22 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
46993
x-xss-protection
0
pragma
public
x-fb-debug
XPldlD/wqKnrf++KlUYET5l8dqa4KAm5XQOft2Fn+xK1OiD00Mq7Ao+CE1JjAeGziccs7u8jidM/kvRd10jSLw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
sl.js
scout-cdn.salesloft.com/ 		0
0
863.js
tracking.g2crowd.com/attribution_tracking/conversions/ 		0
0
tags.js
tag.clearbitscripts.com/v1/pk_314ecea713d6fc4d1b570380427eb5fa/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.clearbitscripts.com/v1/pk_314ecea713d6fc4d1b570380427eb5fa/tags.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2113:6200:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
via
1.1 afbd0756929fd5d8f835ce26b1931d4c.cloudfront.net (CloudFront)
server
envoy
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
CDG3-C1
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
x-amz-cf-id
E07dcDLx8U9NOgNbmlrA7PdBeOm3dkgmqM_NAYYD9pxuPHuWQYllJA==
pixel.js
grow.clearbitjs.com/api/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://grow.clearbitjs.com/api/pixel.js?v=1690221862568
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.24.57.3 , United States, ASN397273 (RENDER, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3b832350962ac3ba8a6f89d76e744fdbcdf37d5f810b8ff1fc8cb3dc8f964c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
x-render-origin-server
Render
vary
Accept-Encoding
content-type
text/javascript
cf-ray
7ebe15d23c0d9277-FRA
alt-svc
h3=":443"; ma=86400
1973303.js
js.hs-scripts.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-scripts.com/1973303.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:873b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
900933fb9faf26970ee0b554e2980bb5c77f6af3e3378422f32ed05dfcb4b575
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5f021673-5d0b-4a13-95b7-cc45d1c00995
x-envoy-upstream-service-time
4
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5f021673-5d0b-4a13-95b7-cc45d1c00995
last-modified
Mon, 24 Jul 2023 17:03:35 GMT
server
cloudflare
x-trace
2B4C4BE972F6BCB82AC9A5434B93A72D67E0C3A30D000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-fj87l
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
7ebe15d1eda01c85-FRA
expires
Mon, 24 Jul 2023 18:05:22 GMT
UykUEab03gwPaBA0dcv8
ws.zoominfo.com/pixel/ 		0
0
js
www.googletagmanager.com/gtag/ 		241 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-LYH0R10SEC&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
49d03d530d52201f6b408ff2b6139d77d8ba34d4bf9b8d429d1983f623bee130
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
84452
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 24 Jul 2023 18:04:22 GMT
collect
stats.g.doubleclick.net/g/ 		0
249 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-LYH0R10SEC&cid=1200054491.1690221863&gtm=45je37j0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LYH0R10SEC&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Jul 2023 18:04:22 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bonus.ly
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LYH0R10SEC&cid=1200054491.1690221863&gtm=45je37j0&aip=1&z=2030406487
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Jul 2023 18:04:22 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
t.co/i/ 		43 B
376 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=910b219d-143b-4263-ae52-b37c7771c342&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=0d8e5ccb-7536-4a5a-bb1a-f40737378eb5&tw_document_href=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv1j9&type=javascript&version=2.3.29
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-response-time
102
date
Mon, 24 Jul 2023 18:04:22 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
e68557a0a939f5b1
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
e034cbfbee0b74387672569317ef15b4895cf7a5eecea7d23e168bb937e0203f
content-length
43
adsct
analytics.twitter.com/i/ 		43 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=910b219d-143b-4263-ae52-b37c7771c342&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=0d8e5ccb-7536-4a5a-bb1a-f40737378eb5&tw_document_href=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv1j9&type=javascript&version=2.3.29
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-response-time
181
date
Mon, 24 Jul 2023 18:04:22 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
8aa13480a8ff53bd
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
08f5eea702c59eb3b648241f905af164424b7ced930f85723220dc7247a3e14a
content-length
43
collect
www.google-analytics.com/j/ 		4 B
204 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=356300299&t=pageview&_s=1&dl=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&ul=en-us&de=UTF-8&dt=Bonusly%20-%20Reimagine%20Employee%20Recognition&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABQAAAACAAI~&jid=1396228756&gjid=737771057&cid=1200054491.1690221863&tid=UA-34854530-1&_gid=1790716174.1690221863&_r=1&_slc=1&gtm=45He37j0n81N5K2M3S&cd3=logged-out&cd6=(type%20not%20set)&cd7=(name%20not%20set)&cd8=(domain%20not%20set)&cd9=(industry%20not%20set)&cd10=(subindustry%20not%20set)&cd11=(employee%20range%20not%20set)&cd12=(revenue%20not%20set)&cd13=(rank%20not%20set)&cd14=(city%20not%20set)&cd15=(state%20not%20set)&cd16=(country%20not%20set)&cd17=(code%20not%20set)&z=1611372957
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 24 Jul 2023 18:04:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bonus.ly
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
433534167062953
connect.facebook.net/signals/config/ 		377 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/433534167062953?v=2.9.116&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a2d1584efbc8e36a0a6db76f272418e93c86e0b417a69bfc1e88403c9b713be2
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 24 Jul 2023 18:04:22 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
7vLx1qXsPfmrwBvGsPOvQVOLss8qSmSQ2R5HLd24/E2b2yqUWXW4oA7wiz+06C1UylvlXqi0fhWo4gpXuV+8YA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
17372234.js
bat.bing.com/p/action/ 		0
118 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/17372234.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Mon, 24 Jul 2023 18:04:22 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0498B2EF4B0845FEB901A766E9AE7D42 Ref B: FRA31EDGE0611 Ref C: 2023-07-24T18:04:22Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
286 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=17372234&tm=gtm002&Ver=2&mid=c4deacae-4e11-42a9-95e8-8c37d7d6715b&sid=84c79b702a4c11eeaa75af4667a6390a&vid=84ca8e302a4c11ee933807620ba7d1c2&vids=1&msclkid=N&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Bonusly%20-%20Reimagine%20Employee%20Recognition&p=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&r=&lt=897&evt=pageLoad&sv=1&rn=133507
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Jul 2023 18:04:22 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0CF94E0269A447DF98AC628AD1F9C44B Ref B: FRA31EDGE0611 Ref C: 2023-07-24T18:04:22Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
token
cdn.linkedin.oribi.io/partner/414777/domain/bonus.ly/ 		0
0
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=414777&time=1690221862886&url=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=414777&time=1690221862886&url=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&e_ipv6=AQK-_1cIhatQegAAAYmJEuC3...
0
481 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=414777&time=1690221862886&url=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&e_ipv6=AQK-_1cIhatQegAAAYmJEuC3VwpUzDMx7XE5bNP9eqpB8wGTACdBoMlxifoD22aETrCloSQ
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:22 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: A20D4461E212460BB27AD6ECA65CC60B Ref B: DUS30EDGE0705 Ref C: 2023-07-24T18:04:23Z
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type
application/javascript
x-li-fabric
prod-ltx1
x-cache
CONFIG_NOCACHE
x-li-proto
http/2
content-length
0
x-li-uuid
AAYBP3HCbcCgwfl/ShUA3g==

Redirect headers

date
Mon, 24 Jul 2023 18:04:22 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: B27E19FC4EA34FF783B9B3CBA716C424 Ref B: FRAEDGE1407 Ref C: 2023-07-24T18:04:23Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=414777&time=1690221862886&url=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&e_ipv6=AQK-_1cIhatQegAAAYmJEuC3VwpUzDMx7XE5bNP9eqpB8wGTACdBoMlxifoD22aETrCloSQ
x-li-proto
http/2
content-length
0
x-li-uuid
AAYBP3G9pc0Q3lXj3oeUvg==
/
www.google.com/pagead/1p-user-list/991155754/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/991155754/?random=1690221862560&cv=11&fst=1690221600000&bg=ffffff&guid=ON&async=1&gtm=45He37j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&frm=0&tiba=Bonusly%20-%20Reimagine%20Employee%20Recognition&fmt=3&is_vtc=1&random=2329610233&rmt_tld=0&ipr=y
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Jul 2023 18:04:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/991155754/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/991155754/?random=1690221862560&cv=11&fst=1690221600000&bg=ffffff&guid=ON&async=1&gtm=45He37j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&frm=0&tiba=Bonusly%20-%20Reimagine%20Employee%20Recognition&fmt=3&is_vtc=1&random=2329610233&rmt_tld=1&ipr=y
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Jul 2023 18:04:22 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
modules.09b6280d5882251d9298.js
script.hotjar.com/ 		280 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.09b6280d5882251d9298.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1260982.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.243.67 , United States, ASN (),
Reverse DNS
server-108-139-243-67.mxp63.r.cloudfront.net
Software
/
Resource Hash
c48e9703a155ada36014a63969a61894e7fba42fdb76245724a5f8725e79ea58
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 14:12:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 dcfd78c05ae02ba7df7f221cacf87f22.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP63-P3
age
13937
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
69356
last-modified
Mon, 24 Jul 2023 14:11:18 GMT
etag
"1063930435a73d3691474cf45c5947d9"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
ukTO-ZnngkcOFQuW6zO7KQZagN7LOwIOF5wyqTxXJeblGm4tzRc0hg==
collect
stats.g.doubleclick.net/j/ 		4 B
151 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-34854530-1&cid=1200054491.1690221863&jid=1396228756&gjid=737771057&_gid=1790716174.1690221863&_u=YADAAEAAQAAAACAAI~&z=1050737804
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 24 Jul 2023 18:04:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bonus.ly
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
leadflows.js
js.hsleadflows.net/ 		539 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/1973303.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:836e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34e8744466c5ff918e7c5dc146e8dec70cfcdbdd60b773f2bcaa5e5409d7512b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://bonus.ly
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-encoding
br
age
59926
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1223/bundle/main/lead-flows-release.js&cfRay=7eb85eced93f30cf-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"ec18ee4dbbad7ceab888c3cda4eb9705"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1223/bundle/main/lead-flows-release.js
date
Mon, 24 Jul 2023 18:04:23 GMT
x-amz-version-id
RJnwkomo1rBqmkgtVuuzVEpsjxOWMbB.
via
1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
ccfbe545-8d2a-497c-a002-9073455fac35
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-request-id
ccfbe545-8d2a-497c-a002-9073455fac35
last-modified
Tue, 18 Jul 2023 09:47:02 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-htvsg
cf-ray
7ebe15d46a389241-FRA
x-amz-cf-id
5T0-6W8fO9WeTkISQiE62yw8EyHjKz1a7aPKzjebgQUdyM7Vx9Z16A==
1973303.js
js.hs-analytics.net/analytics/1690221600000/ 		68 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1690221600000/1973303.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/1973303.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2813ffc4e5bdc210498d0194dc0795fe654e9594d604e3b026420ff1e8523b57

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:23 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
XE303RTJ03QG023M
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
7015e35b-5f13-4410-ba0b-ff04d728b37f
x-envoy-upstream-service-time
29
x-amz-id-2
k0WEXScGfaMFF2wMxyk/Vo9xsZOCVmIqM0zDcMtM82Qkigme7Q4vIpe9Jam5RKPJYlLVTyxckfE=
x-evy-trace-listener
listener_https
x-request-id
7015e35b-5f13-4410-ba0b-ff04d728b37f
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 20 Jul 2023 15:54:58 GMT
server
cloudflare
etag
W/"b9fd398630bc72146ac3fd43eb7a7632"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-v9vn7
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
7ebe15d46834926b-FRA
expires
Mon, 24 Jul 2023 18:09:23 GMT
fb.js
js.hsadspixel.net/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/1973303.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:77be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e10ce26ead0eca58cd5346843538415611b745bfd29825322efad56424a4c911
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:23 GMT
x-amz-version-id
aAzOiTTzU7.XykyGrcpmeR7PTeB2LyLv
via
1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
76
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.387/bundles/pixels-release.js&cfRay=7ebe13f96e341c2a-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
12866e5d-6fe3-4c2d-a6df-fd45cc81ee62
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
0
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
12866e5d-6fe3-4c2d-a6df-fd45cc81ee62
last-modified
Tue, 18 Jul 2023 03:27:27 UTC
server
cloudflare
etag
W/"784f994871e489c9943a65326d43e875"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-xhv87
cf-ray
7ebe15d46b61bb4a-FRA
x-amz-cf-id
xQVtYMgMA4jn7FhZaugjHNA27ldPHbeGSrl1Cx0WzWotA6mhWkWvXA==
x-hs-target-asset
adsscriptloaderstatic/static-1.387/bundles/pixels-release.js
1973303.js
js.hs-banner.com/ 		63 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/1973303.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/1973303.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b672a75ce0b8c73aa7c87808d652ff68e29e8c2a0f34a595c9a146ac10b7299f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:23 GMT
x-amz-version-id
tg7q.75MiaKTEtR4jPyyxXigOxj.Lfh5
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
F3T0JJ7GR1Z3CKKE
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-envoy-upstream-service-time
21
x-amz-id-2
+jMBO47Gpb0ZkHMTyptUWC66OSq69VwY1kFgmZfaZY40Hw8ev9RDFfSZd1FEZTvgDUdLd+ZpyAM=
x-evy-trace-listener
listener_https
x-request-id
2773664d-55fa-4a62-b9d2-49ccd69b3ce4
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 07 Jun 2023 14:52:52 GMT
server
cloudflare
etag
W/"1afb5ad17780a8588f097ce12f1933d6"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://bonus.ly
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-9vnjb
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
7ebe15d46e559295-FRA
expires
Mon, 24 Jul 2023 18:09:23 GMT
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-34854530-1&cid=1200054491.1690221863&jid=1396228756&_u=YADAAEAAQAAAACAAI~&z=740662899
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Jul 2023 18:04:23 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-34854530-1&cid=1200054491.1690221863&jid=1396228756&_u=YADAAEAAQAAAACAAI~&z=740662899
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Jul 2023 18:04:23 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
c.gif
grow.clearbitjs.com/api/ 		35 B
121 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://grow.clearbitjs.com/api/c.gif?r=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&c=direct
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.24.57.3 , United States, ASN397273 (RENDER, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-render-origin-server
Render
vary
Accept-Encoding
content-type
image/gif
cf-ray
7ebe15d46dfc9277-FRA
alt-svc
h3=":443"; ma=86400
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=433534167062953&ev=PageView&dl=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&rl=&if=false&ts=1690221863100&sw=1600&sh=1200&v=2.9.116&r=stable&ec=0&o=30&fbp=fb.1.1690221863098.539240824&cs_est=true&it=1690221862832&coo=false&rqm=GET
Requested by
Host: bonus.ly
URL: https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 24 Jul 2023 18:04:23 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
view
js.hs-banner.com/cookie-banner-public/v1/activity/ 		0
0
__ptq.gif
track.hubspot.com/ 		45 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2772089698&v=1.1&a=1973303&pu=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&t=Bonusly+-+Reimagine+Employee+Recognition&cts=1690221863535&vi=529af18e823c10a2373988566d222634&nc=true&ce=false&pt=3&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Mon, 24 Jul 2023 18:04:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
ff83b00b-f2fc-4370-8cb7-e5119b5c46cf
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
10
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
ff83b00b-f2fc-4370-8cb7-e5119b5c46cf
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46IaJfO6E5Opy%2Bdc4yBdSrr042vqa%2B2eT3Fagn1EeSzDoN8t6aRXwhVrJO7hSHOStcab791NBwgAOQsTckMuq46Lzyz5lKUustP9XmOH1sMynJrF4ZLY1VPPRCiDwNlb6EvbcdUOh5IbBuSACMd1"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-lqfnv
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7ebe15d81bd735f9-FRA
x-robots-tag
none
rum
bonus.ly/cdn-cgi/ 		0
136 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bonus.ly/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:987a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
content-type
application/json

Response headers

date
Mon, 24 Jul 2023 18:04:23 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://bonus.ly
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
7ebe15d74cc55bf1-FRA
/
www.facebook.com/tr/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=433534167062953&ev=Microdata&dl=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&rl=&if=false&ts=1690221863604&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Bonusly%20-%20Reimagine%20Employee%20Recognition%22%2C%22meta%3Adescription%22%3A%22The%20easiest%20way%20to%20recognize%20and%20reward%20employees.%20Increase%20employee%20engagement%20and%20retention%20with%20Bonusly.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Bonusly%20-%20Reimagine%20Employee%20Recognition%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Frecognition-production-cdn-aws.bonus.ly%2Fassets%2Flogo%2Frectangular_banner_logo_920-80e742cc4dda33aa5b7ab0dc8062018b17caefc2ebca1ceb938cde9622a88c87.jpg%22%2C%22og%3Alogo%22%3A%22https%3A%2F%2Frecognition-production-cdn-aws.bonus.ly%2Fassets%2Flogo%2Fbonusly_logo_128-fc854719ebeeb0b0596204483360ba5a699eabe0ec41bda04fdb77b52d369361.png%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit%22%2C%22og%3Adescription%22%3A%22The%20easiest%20way%20to%20recognize%20and%20reward%20employees.%20Increase%20employee%20engagement%20and%20retention%20with%20Bonusly.%22%2C%22twitter%3Asite%22%3A%22https%3A%2F%2Fbonus.ly%22%2C%22twitter%3Acreator%22%3A%22%40bonusly%22%2C%22twitter%3Atitle%22%3A%22Bonusly%20-%20Reimagine%20Employee%20Recognition%22%2C%22twitter%3Adescription%22%3A%22The%20easiest%20way%20to%20recognize%20and%20reward%20employees.%20Increase%20employee%20engagement%20and%20retention%20with%20Bonusly.%22%2C%22twitter%3Acard%22%3A%22summary_large_image%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.116&r=stable&ec=1&o=30&fbp=fb.1.1690221863098.539240824&it=1690221862832&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 24 Jul 2023 18:04:23 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
edge.fullstory.com
URL
https://edge.fullstory.com/s/settings/MBRJG/v1/web
Domain
rs.fullstory.com
URL
https://rs.fullstory.com/s/settings/MBRJG/v1/web
Domain
www.googleoptimize.com
URL
https://www.googleoptimize.com/optimize.js?id=OPT-NBHK7L3
Domain
scout-cdn.salesloft.com
URL
https://scout-cdn.salesloft.com/sl.js
Domain
tracking.g2crowd.com
URL
https://tracking.g2crowd.com/attribution_tracking/conversions/863.js?p=https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit&e=
Domain
ws.zoominfo.com
URL
https://ws.zoominfo.com/pixel/UykUEab03gwPaBA0dcv8
Domain
cdn.linkedin.oribi.io
URL
https://cdn.linkedin.oribi.io/partner/414777/domain/bonus.ly/token
Domain
js.hs-banner.com
URL
https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Verdicts & Comments Add Verdict or Comment

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| $ function| jQuery object| dataLayerData object| dataLayer undefined| userId function| hj string| GoogleAnalyticsObject function| ga string| locale boolean| _fs_debug string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FullStory string| brandColor object| __cfBeacon string| _fs_loaded function| _fs_shutdown object| google_tag_manager object| google_tag_data string| _linkedin_data_partner_id function| twq object| _hjSettings object| GooglebQhCsO function| fbq function| _fbq string| SLScoutObject function| slscout function| onYouTubeIframeAPIReady object| gaGlobal object| regeneratorRuntime object| twttr object| gaplugins object| gaData function| UET function| UET_init function| UET_push object| ueto_741fe8c6c6 object| uetq function| lintrk boolean| _already_called_lintrk object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| _hsp boolean| PIXELS_RAN object| enabledEventSettings object| _hsq object| globalRoot undefined| hns function| bindToWindowOnError object| leadflows object| hubspot function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive undefined| hns2 undefined| jade undefined| I18n undefined| Pikaday undefined| reqwest undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| _paq function| sanitizeKey boolean| _hstc_loaded boolean| _hspb_ran boolean| _hspb_loaded boolean| _hstc_ran string| __hsUserToken number| expireDateTime

25 Cookies

Domain/Path Name / Value
.bonus.ly/ Name: __cf_bm
Value: oCP1dZufoLi2fh3A00REPqbcEvbIGK1rxNo61fUtw5k-1690221861-0-AYs4NCKvD1SCYWLmPgPRpCBjNFnWDIGiqJZSErucbHg2IgySVsUyg7fHyWuvZtqw0Cf2LKqtT0FdHKKT3hoHo2c=
bonus.ly/ Name: _special_sauce_session
Value: lHBc%2BQSkRf1C1vHBNNk6ZA%2F4AYRvtAC34iocsROL%2FiR8l0vFGxm3NmvhYm7vbJc%2BS9t%2F3F%2BOSrOzyFxV%2F41f%2BqK8n8O1%2FCaxekUsxpOfPixmQRPh%2BP0PDVLNcsJcfuTMROxXeqHCZ6ETlCSfPHU441y0o3ii8jBvj2lwAz7MLhx4rS5QLaIJPhvuNvYErjfJEUadTEG0RmG0ywgadKCYKr8EW1JGY4%2BqnTx4DJjJtINh0%2BZUYoxmKj1CfoSmBQPAOh3kqAMbZwUU%2FA%2Fs%2FdmMhBJ0PMxP9vAikUFjoebhwOl8fJ0QReY2yPJPvj%2BJFSYqjkR5OK4c80OpRqjIGw%2Fe57t7G%2Fp9lK7iClA7oJ4pLA1Ew4qZPoLdmuyjLG6S2v7m9V8qU2AfKiUVs4%2FgHdnWrcuzMnghooLRKH4F9vc1cyppKnyGB8yOAueXHaTuo6k3qyu1YCBIfPVezopj3LIBJr0uCJfWsMtz9mk6Lu1LlY8%3D--%2FhQE52x3siK0r7tH--W2fopF11vtsC2KJkSzqcnw%3D%3D
.bonus.ly/ Name: _gcl_au
Value: 1.1.107045567.1690221863
.bonus.ly/ Name: cf_clearance
Value: GLTVPY2jtzl4hTE6bQSFoYF_J82dbzLKHw9eu_eQRnQ-1690221862-0-0.1.1690221862
.bonus.ly/ Name: _ga_LYH0R10SEC
Value: GS1.1.1690221862.1.0.1690221862.60.0.0
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.bonus.ly/ Name: _ga
Value: GA1.2.1200054491.1690221863
.bonus.ly/ Name: _gid
Value: GA1.2.1790716174.1690221863
.bonus.ly/ Name: _gat
Value: 1
.bonus.ly/ Name: _uetsid
Value: 84c79b702a4c11eeaa75af4667a6390a
.bonus.ly/ Name: _uetvid
Value: 84ca8e302a4c11ee933807620ba7d1c2
.bing.com/ Name: MUID
Value: 2800983B6C6A689B18588B636DE169CF
.grow.clearbitjs.com/ Name: __cf_bm
Value: 4VbNQ2CTw1MVu2_S9RgFnB1O6D666Lwpjdat7Hqkaz4-1690221862-0-AVrhRObAootWtkRBO2uNj/4PPnxKY0+wQ6m/7vnbJAj2CGNmj2VFyrqxVfNQl++8M63/i8POXzQCWEt0builOr0=
.t.co/ Name: muc_ads
Value: 6f820712-76e1-487c-ac7a-6e08471dbc5a
.twitter.com/ Name: personalization_id
Value: "v1_+oa42P1UpEHSvafHmJp6Lg=="
.bonus.ly/ Name: _fbp
Value: fb.1.1690221863098.539240824
.linkedin.com/ Name: bcookie
Value: "v=2&d8d8bc73-bc58-4615-8573-0269cea81efa"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTAyMjE4NjM7MjswMjG2pdgWFvqr3Vv+HGxXcJgMa8rcH1sNvGDaKrfvakC9wA==
.linkedin.com/ Name: lidc
Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2561:u=1:x=1:i=1690221863:t=1690308263:v=2:sig=AQH4T09ASIOj0DqWpS4n0DVPhHhkeJbT"
.bonus.ly/ Name: _hjSessionUser_1260982
Value: eyJpZCI6Ijc3OGFiZmNkLTdjYmUtNTU2ZS05YjI4LTMwNDVkNjc1YTY2NyIsImNyZWF0ZWQiOjE2OTAyMjE4NjMyNDIsImV4aXN0aW5nIjpmYWxzZX0=
.bonus.ly/ Name: _hjFirstSeen
Value: 1
.bonus.ly/ Name: _hjIncludedInSessionSample_1260982
Value: 0
.bonus.ly/ Name: _hjSession_1260982
Value: eyJpZCI6IjA0MDVmNjNlLTFhYmEtNGRiMC1iNzk4LTllYmExZjg3MDAyNyIsImNyZWF0ZWQiOjE2OTAyMjE4NjMyNTMsImluU2FtcGxlIjpmYWxzZX0=
.bonus.ly/ Name: _hjAbsoluteSessionInProgress
Value: 0
.hubspot.com/ Name: __cf_bm
Value: XW1uuSmo3a2kvHQ6QaBiK3dMYKdlrZMYAoPh6cBhLTw-1690221863-0-AYasng/vUL7ZGSFhfjl/NWPdzSTBTEkuKstzcyDrH/ck6qqlOl2SugFb3jlBzbG1MtoTomkJ9JFFe80H76zFlvE=

11 Console Messages

Source Level URL
Text
security error URL: https://edge.fullstory.com/s/fs.js(Line 3)
Message:
Refused to connect to 'https://edge.fullstory.com/s/settings/MBRJG/v1/web' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com".
security error URL: https://edge.fullstory.com/s/fs.js(Line 3)
Message:
Refused to connect to 'https://rs.fullstory.com/s/settings/MBRJG/v1/web' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-N5K2M3S(Line 100)
Message:
Refused to load the script 'https://www.googleoptimize.com/optimize.js?id=OPT-NBHK7L3' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' connect.facebook.net graph.facebook.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsforms.net js.usemessages.com forms.hsforms.com js.hsleadflows.net js.chilipiper.com *.chilipiper.com *.hsadspixel.net recognition-production-cdn-aws.bonus.ly *.bnsly.co *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.intercom.io *.intercomcdn.com *.jquery.com *.linkedin.com *.stripe.com *.twimg.com *.twitter.com zapier.com static.ads-twitter.com hotjar.com *.hotjar.com www.instagram.com *.licdn.com *.clearbit.com *.clearbitjs.com *.clearbitscripts.com js.hs-banner.com bat.bing.com ct.capterra.com *.vimeo.com js.chargebee.com *.intellimize.com *.intellimize.co *.intellimizeio.com mfe.bonus.ly data-component-library.bonus.ly data-component-library-staging.bonusly.dev datalayerapi-staging.bonusly.dev datalayerapi.bonusly.dev bonus.ly/api/ums edge.fullstory.com cdn.merge.dev cdn.amplitude.com *.trybento.co static.cloudflareinsights.com survey.survicate.com surveys-static.survicate.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error
Message:
Refused to load the script 'https://scout-cdn.salesloft.com/sl.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' connect.facebook.net graph.facebook.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsforms.net js.usemessages.com forms.hsforms.com js.hsleadflows.net js.chilipiper.com *.chilipiper.com *.hsadspixel.net recognition-production-cdn-aws.bonus.ly *.bnsly.co *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.intercom.io *.intercomcdn.com *.jquery.com *.linkedin.com *.stripe.com *.twimg.com *.twitter.com zapier.com static.ads-twitter.com hotjar.com *.hotjar.com www.instagram.com *.licdn.com *.clearbit.com *.clearbitjs.com *.clearbitscripts.com js.hs-banner.com bat.bing.com ct.capterra.com *.vimeo.com js.chargebee.com *.intellimize.com *.intellimize.co *.intellimizeio.com mfe.bonus.ly data-component-library.bonus.ly data-component-library-staging.bonusly.dev datalayerapi-staging.bonusly.dev datalayerapi.bonusly.dev bonus.ly/api/ums edge.fullstory.com cdn.merge.dev cdn.amplitude.com *.trybento.co static.cloudflareinsights.com survey.survicate.com surveys-static.survicate.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error
Message:
Refused to load the script 'https://tracking.g2crowd.com/attribution_tracking/conversions/863.js?p=https://bonus.ly/user/email_preferences/64be598d83621000210255cc/edit&e=' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' connect.facebook.net graph.facebook.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsforms.net js.usemessages.com forms.hsforms.com js.hsleadflows.net js.chilipiper.com *.chilipiper.com *.hsadspixel.net recognition-production-cdn-aws.bonus.ly *.bnsly.co *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.intercom.io *.intercomcdn.com *.jquery.com *.linkedin.com *.stripe.com *.twimg.com *.twitter.com zapier.com static.ads-twitter.com hotjar.com *.hotjar.com www.instagram.com *.licdn.com *.clearbit.com *.clearbitjs.com *.clearbitscripts.com js.hs-banner.com bat.bing.com ct.capterra.com *.vimeo.com js.chargebee.com *.intellimize.com *.intellimize.co *.intellimizeio.com mfe.bonus.ly data-component-library.bonus.ly data-component-library-staging.bonusly.dev datalayerapi-staging.bonusly.dev datalayerapi.bonusly.dev bonus.ly/api/ums edge.fullstory.com cdn.merge.dev cdn.amplitude.com *.trybento.co static.cloudflareinsights.com survey.survicate.com surveys-static.survicate.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error
Message:
Refused to load the script 'https://ws.zoominfo.com/pixel/UykUEab03gwPaBA0dcv8' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' connect.facebook.net graph.facebook.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsforms.net js.usemessages.com forms.hsforms.com js.hsleadflows.net js.chilipiper.com *.chilipiper.com *.hsadspixel.net recognition-production-cdn-aws.bonus.ly *.bnsly.co *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.intercom.io *.intercomcdn.com *.jquery.com *.linkedin.com *.stripe.com *.twimg.com *.twitter.com zapier.com static.ads-twitter.com hotjar.com *.hotjar.com www.instagram.com *.licdn.com *.clearbit.com *.clearbitjs.com *.clearbitscripts.com js.hs-banner.com bat.bing.com ct.capterra.com *.vimeo.com js.chargebee.com *.intellimize.com *.intellimize.co *.intellimizeio.com mfe.bonus.ly data-component-library.bonus.ly data-component-library-staging.bonusly.dev datalayerapi-staging.bonusly.dev datalayerapi.bonusly.dev bonus.ly/api/ums edge.fullstory.com cdn.merge.dev cdn.amplitude.com *.trybento.co static.cloudflareinsights.com survey.survicate.com surveys-static.survicate.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtag/js?id=G-LYH0R10SEC&l=dataLayer&cx=c(Line 157)
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-LYH0R10SEC&gtm=45je37j0&_p=356300299&_gaz=1&cid=1200054491.1690221863&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690221862&sct=1&seg=0&dl=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&dt=Bonusly%20-%20Reimagine%20Employee%20Recognition&en=page_view&_fv=1&_nsi=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com".
security error URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Message:
Refused to connect to 'https://cdn.linkedin.oribi.io/partner/414777/domain/bonus.ly/token' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com".
network error URL: https://tag.clearbitscripts.com/v1/pk_314ecea713d6fc4d1b570380427eb5fa/tags.js
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://js.hs-banner.com/1973303.js(Line 15)
Message:
Refused to connect to 'https://js.hs-banner.com/cookie-banner-public/v1/activity/view' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-LYH0R10SEC&l=dataLayer&cx=c(Line 157)
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-LYH0R10SEC&gtm=45je37j0&_p=356300299&cid=1200054491.1690221863&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1690221862&sct=1&seg=0&dl=https%3A%2F%2Fbonus.ly%2Fuser%2Femail_preferences%2F64be598d83621000210255cc%2Fedit&dt=Bonusly%20-%20Reimagine%20Employee%20Recognition&en=scroll&epn.percent_scrolled=90&_et=14' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com *.jquery.com recognition-production-cdn-aws.bonus.ly *.bootstrapcdn.com script.hotjar.com surveys-static.survicate.com; img-src * data: blob:; object-src 'self' recognition-production-cdn-aws.bonus.ly; script-src 'self' 'unsafe-inline' connect.facebook.net graph.facebook.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsforms.net js.usemessages.com forms.hsforms.com js.hsleadflows.net js.chilipiper.com *.chilipiper.com *.hsadspixel.net recognition-production-cdn-aws.bonus.ly *.bnsly.co *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.intercom.io *.intercomcdn.com *.jquery.com *.linkedin.com *.stripe.com *.twimg.com *.twitter.com zapier.com static.ads-twitter.com hotjar.com *.hotjar.com www.instagram.com *.licdn.com *.clearbit.com *.clearbitjs.com *.clearbitscripts.com js.hs-banner.com bat.bing.com ct.capterra.com *.vimeo.com js.chargebee.com *.intellimize.com *.intellimize.co *.intellimizeio.com mfe.bonus.ly data-component-library.bonus.ly data-component-library-staging.bonusly.dev datalayerapi-staging.bonusly.dev datalayerapi.bonusly.dev bonus.ly/api/ums edge.fullstory.com cdn.merge.dev cdn.amplitude.com *.trybento.co static.cloudflareinsights.com survey.survicate.com surveys-static.survicate.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bonus.ly *.google.com js.chilipiper.com *.chilipiper.com js.chargebee.com *.jquery.com zapier.com bonus.ly/api/ums surveys-static.survicate.com; connect-src 'self' https://*.intercom.io wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly *.hsforms.com *.zapier.com *.zapier-staging.com bonus.ly/api/datalayer rum.browser-intake-datadoghq.com logs.browser-intake-datadoghq.com bonus.ly/api/ums api.amplitude.com *.trybento.co wss://*.trybento.co respondent.survicate.com; frame-ancestors 'self' *.bonus.ly *.bonusly.dev *.screencloud.com *.screen.cloud *.screencloudapps.com *.next.sc http://localhost:* staffspace.oma.org http://10.0.0.4:* *.sharepoint.com *.it1.be dashboard.skilljar.com app.resplendentdata.com *.jancare.com *.valotalive.com *.valota.live http://swr-apps-v:* https://aceandcompany.intranet.digital *.kaufmanrossin.com; frame-src 'self' fast.wistia.net js.stripe.com share.intercom.io bonus.ly *.bonus.ly *.bonusly.dev *.hubspot.com *.doubleclick.net *.google.com *.twitter.com *.vimeo.com *.hsforms.com *.youtube.com www.instagram.com *.hotjar.com api.intellimize.co js.chilipiper.com *.chilipiper.com my.pima.app bonusly.chargebee.com bonusly-test.chargebee.com js.chargebee.com *.intellimizeio.com intercom-sheets.com cdn.merge.dev *.trybento.co; media-src js.intercomcdn.com media.tenor.com *.bonus.ly *.bonusly.dev
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
analytics.twitter.com
bat.bing.com
bonus.ly
cdn.linkedin.oribi.io
code.jquery.com
connect.facebook.net
edge.fullstory.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
grow.clearbitjs.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsleadflows.net
px.ads.linkedin.com
px4.ads.linkedin.com
recognition-production-cdn-aws.bonus.ly
rs.fullstory.com
scout-cdn.salesloft.com
script.hotjar.com
snap.licdn.com
static.ads-twitter.com
static.cloudflareinsights.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tag.clearbitscripts.com
track.hubspot.com
tracking.g2crowd.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
cdn.linkedin.oribi.io
edge.fullstory.com
js.hs-banner.com
rs.fullstory.com
scout-cdn.salesloft.com
tracking.g2crowd.com
ws.zoominfo.com
www.googleoptimize.com
104.244.42.197
104.244.42.3
108.139.243.30
108.139.243.67
13.107.42.14
146.75.116.157
2001:4de0:ac18::1:a:3b
216.24.57.3
2600:9000:2113:6200:7:d7d6:3c40:93a1
2606:4700:4400::ac40:987a
2606:4700::6810:3865
2606:4700::6810:77be
2606:4700::6810:8ace
2606:4700::6811:836e
2606:4700::6812:19c4
2606:4700::6812:873b
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:801::200a
2a00:1450:4001:812::200e
2a00:1450:4001:813::2008
2a00:1450:4001:827::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2004
2a00:1450:4001:831::2003
2a00:1450:400c:c0a::9a
2a02:26f0:3100::1735:28d9
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
35.201.112.186
005b5900b7c883605a51064c4d229f497c8ba63718c411f74a071316b33d2e1f
15d142ad66a6bfd0be19193ded15d862cd6b6c5b435ad0dfae6c267e37285ca1
1d90d8acaf8e945cbe6301f571086a38f216bd9c161fa975fea3c75b6f8d3662
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2813ffc4e5bdc210498d0194dc0795fe654e9594d604e3b026420ff1e8523b57
31203beb2df10065aa42dee6f38d11768abda507ed6435fc7c72ec95c64bf9c4
34e8744466c5ff918e7c5dc146e8dec70cfcdbdd60b773f2bcaa5e5409d7512b
3a67a4e0535a8b69ba494c982b398233b5f9616fe5bd1b71f56de0ddc8a3c30e
49d03d530d52201f6b408ff2b6139d77d8ba34d4bf9b8d429d1983f623bee130
5facf3ca997fd8a7658579d40b8bc44a659e12df5b45b2f1f1713f987b86366c
61b356eebaefd79960aeb0e201ecc895ab277c85db03e46ed553a3d68107b338
62ed4d49c5a79b0aff17f47c74efc7958d70987d9350e746c0342755587dd3df
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
900933fb9faf26970ee0b554e2980bb5c77f6af3e3378422f32ed05dfcb4b575
a2d1584efbc8e36a0a6db76f272418e93c86e0b417a69bfc1e88403c9b713be2
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af780e357234ceb6feec085a9a31f46834c88c4d3852d79050ad9dc3658a3a67
b672a75ce0b8c73aa7c87808d652ff68e29e8c2a0f34a595c9a146ac10b7299f
be92933b839bd4ce1b67c440bd9bd832d8a7333d578c7d1061d00edbceb557d3
c3b832350962ac3ba8a6f89d76e744fdbcdf37d5f810b8ff1fc8cb3dc8f964c6
c48e9703a155ada36014a63969a61894e7fba42fdb76245724a5f8725e79ea58
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d5eca8665d8bec2b41413bbf0417157216485c8ad3f514d8fede895967eaba2e
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e10ce26ead0eca58cd5346843538415611b745bfd29825322efad56424a4c911
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e534cfc213cdc6466ef991b49dfb48e6a0f7d934d1ed031b925733e2ab0994f1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2a56ad649773918a08946891c16fa59289279e16c199ebb07a8ca8be4b7ef7e
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e