identity.gympass.com Open in urlscan Pro
52.222.236.27 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ablink.mail.wellhub.com/ss/c/u001.ltyjuRBbKdPSMl7kIMr56fVDq1AHTlib3awFb1lUF8lk7FaINu5mk4OyYQ2T9XY9CXRoPhA474pMSjlKUpy_LP...
Effective URL:
https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2F...
Submission: On October 28 via api (October 28th 2024, 1:18:01 pm UTC) from US — Scanned from DE

Summary HTTP 58 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 9 domains to perform 58 HTTP transactions. The main IP is 52.222.236.27, located in United States and belongs to AMAZON-02, US. The main domain is identity.gympass.com. The Cisco Umbrella rank of the primary domain is 350156.
TLS certificate: Issued by Amazon RSA 2048 M03 on May 9th 2024. Valid for: a year.

This is the only time identity.gympass.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.225.78.2 13.225.78.2	16509 (AMAZON-02) (AMAZON-02)
1 1	18.173.205.63 18.173.205.63	16509 (AMAZON-02) (AMAZON-02)
21	2600:9000:237... 2600:9000:237d:2c00:18:718f:f780:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42:200... 2a04:4e42:200::729	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:4239	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2400:52e0:1e0... 2400:52e0:1e00::1081:1	60068 (CDN77 _) (CDN77 _)
2	2400:52e0:1e0... 2400:52e0:1e00::1079:1	60068 (CDN77 _) (CDN77 _)
1	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
16	52.222.236.27 52.222.236.27	16509 (AMAZON-02) (AMAZON-02)
9	2600:9000:26d... 2600:9000:26da:4200:1e:dcb6:d040:93a1	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
1	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
58	11

1 13.225.78.2 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-2.fra2.r.cloudfront.net

ablink.mail.wellhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.205.63 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-173-205-63.fra56.r.cloudfront.net

gympass.onelink.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2600:9000:237d:2c00:18:718f:f780:93a1 (United States)

ASN16509 (AMAZON-02, US)

plan-management.gympass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::729 (United States)

ASN54113 (FASTLY, US)

js.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:4239 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1081:1 (Germany)

ASN60068 (CDN77 _, GB)

survey.survicate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1079:1 (Germany)

ASN60068 (CDN77 _, GB)

surveys-static.survicate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o4504963224764416.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.222.236.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-27.fra56.r.cloudfront.net

identity.gympass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:26da:4200:1e:dcb6:d040:93a1 (United States)

ASN16509 (AMAZON-02, US)

statics-account.gympass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	gympass.com plan-management.gympass.com — Cisco Umbrella Rank: 866149 identity.gympass.com — Cisco Umbrella Rank: 350156 statics-account.gympass.com — Cisco Umbrella Rank: 681948	2 MB
3	survicate.com survey.survicate.com — Cisco Umbrella Rank: 5244 surveys-static.survicate.com — Cisco Umbrella Rank: 10176	122 KB
2	google.com www.google.com — Cisco Umbrella Rank: 3	1 KB
2	sentry-cdn.com js.sentry-cdn.com — Cisco Umbrella Rank: 5097 browser.sentry-cdn.com — Cisco Umbrella Rank: 5069	74 KB
1	gstatic.com www.gstatic.com	217 KB
1	sentry.io o4504963224764416.ingest.sentry.io — Cisco Umbrella Rank: 645324	300 B
1	optimizely.com cdn.optimizely.com — Cisco Umbrella Rank: 971	5 KB
1	onelink.me 1 redirects gympass.onelink.me	556 B
1	wellhub.com 1 redirects ablink.mail.wellhub.com — Cisco Umbrella Rank: 357227	633 B
58	9

	Domain	Requested by
21	plan-management.gympass.com	plan-management.gympass.com
16	identity.gympass.com	plan-management.gympass.com identity.gympass.com
9	statics-account.gympass.com	identity.gympass.com
2	www.google.com	identity.gympass.com www.gstatic.com
2	surveys-static.survicate.com	survey.survicate.com
1	www.gstatic.com	www.google.com
1	o4504963224764416.ingest.sentry.io	browser.sentry-cdn.com
1	survey.survicate.com	plan-management.gympass.com
1	browser.sentry-cdn.com	js.sentry-cdn.com
1	cdn.optimizely.com	plan-management.gympass.com
1	js.sentry-cdn.com	plan-management.gympass.com
1	gympass.onelink.me	1 redirects
1	ablink.mail.wellhub.com	1 redirects
58	13

This site contains links to these domains. Also see Links.

Domain
gympass.com
www.gympass.com
policies.google.com

Subject Issuer	Validity	Valid
gympass.com Amazon RSA 2048 M03	`2024-05-09` - `2025-06-06`	a year	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q2	`2024-06-04` - `2025-07-06`	a year	crt.sh
cdn.optimizely.com WE1	`2024-10-21` - `2025-01-19`	3 months	crt.sh
*.survicate.com Sectigo RSA Domain Validation Secure Server CA	`2024-08-19` - `2025-09-19`	a year	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-03` - `2025-07-29`	10 months	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3Dirauriyogqvd%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Dlatam-br_b2c_raffle-2024_______0924%26af_channel%3Demail%26utm_term%3Dgrowth-Email-04%26c%3Dfirst_purchase&state=4e600092-ae72-47bd-a982-77f5e46f5048&response_mode=query&response_type=code&scope=openid
Frame ID: E4BB0969D561B15C8B387179982F2A73
Requests: 56 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lf32yUqAAAAAJfxa-87-L5ga_kDepDn0ormX01R&co=aHR0cHM6Ly9pZGVudGl0eS5neW1wYXNzLmNvbTo0NDM.&hl=de&v=-ZG7BC9TxCVEbzIO2m429usb&size=invisible&cb=nqf5f61f30nj
Frame ID: D04732DF0E63E4CB827B3290A3450D3B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Gympass

Page URL History Show full URLs

https://ablink.mail.wellhub.com/ss/c/u001.ltyjuRBbKdPSMl7kIMr56fVDq1AHTlib3awFb1lUF8lk7FaINu5mk4OyYQ2T9XY9CX... HTTP 302
http://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=latam-br_b2c_ra... HTTP 307
https://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=latam-br_b2c_ra... HTTP 301
https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_con... Page URL
https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirec... Page URL

Detected technologies

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

58
Requests

97 %
HTTPS

50 %
IPv6

9
Domains

13
Subdomains

11
IPs

2
Countries

2505 kB
Transfer

4891 kB
Size

5
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://gympass.com/sign-up/company-search/?user_country=us
Title: Melde dich kostenlos an

Search URL Search Domain Scan URL

URL: https://www.gympass.com/de/datenschutz
Title: Datenschutzrichtlinie

Search URL Search Domain Scan URL

URL: https://www.gympass.com/de/bedingungen
Title: Gympass Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://www.gympass.com/us/cookies
Title: Cookie-Richtlinie

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy?hl=en-US
Title: Datenschutzrichtlinie von Google

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ablink.mail.wellhub.com/ss/c/u001.ltyjuRBbKdPSMl7kIMr56fVDq1AHTlib3awFb1lUF8lk7FaINu5mk4OyYQ2T9XY9CXRoPhA474pMSjlKUpy_LPRzTiouq-jzooPCpIIhAoK30QMAG8Oxs9FMtzeWszdaayBFIlKNDYri2Qb9ml_OONaQvCNEyCtB2d-dz2BKiauImBxIHlne07Vwhwcj0p2D-fiqJsOBryepySgdqGNszkdXH1mO1WtkUJtCtJnSlUIUm7aJVdgahq-nKIqEqxw7/4a2/6qs6mCNYQ2aMHZPNTEbZeA/h17/h001.offIKdWcbV6aliQclgkFANBJV7GD2DGY6m2ripXSmEA HTTP 302
http://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&utm_content=none&lid=irauriyogqvd&utm_term=growth-Email-04 HTTP 307
https://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&utm_content=none&lid=irauriyogqvd&utm_term=growth-Email-04 HTTP 301
https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase Page URL
https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3Dirauriyogqvd%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Dlatam-br_b2c_raffle-2024_______0924%26af_channel%3Demail%26utm_term%3Dgrowth-Email-04%26c%3Dfirst_purchase&state=4e600092-ae72-47bd-a982-77f5e46f5048&response_mode=query&response_type=code&scope=openid Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://ablink.mail.wellhub.com/ss/c/u001.ltyjuRBbKdPSMl7kIMr56fVDq1AHTlib3awFb1lUF8lk7FaINu5mk4OyYQ2T9XY9CXRoPhA474pMSjlKUpy_LPRzTiouq-jzooPCpIIhAoK30QMAG8Oxs9FMtzeWszdaayBFIlKNDYri2Qb9ml_OONaQvCNEyCtB2d-dz2BKiauImBxIHlne07Vwhwcj0p2D-fiqJsOBryepySgdqGNszkdXH1mO1WtkUJtCtJnSlUIUm7aJVdgahq-nKIqEqxw7/4a2/6qs6mCNYQ2aMHZPNTEbZeA/h17/h001.offIKdWcbV6aliQclgkFANBJV7GD2DGY6m2ripXSmEA HTTP 302
http://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&utm_content=none&lid=irauriyogqvd&utm_term=growth-Email-04 HTTP 307
https://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&utm_content=none&lid=irauriyogqvd&utm_term=growth-Email-04 HTTP 301
https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

58 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
plan-management.gympass.com/
Redirect Chain

https://ablink.mail.wellhub.com/ss/c/u001.ltyjuRBbKdPSMl7kIMr56fVDq1AHTlib3awFb1lUF8lk7FaINu5mk4OyYQ2T9XY9CXRoPhA474pMSjlKUpy_LPRzTiouq-jzooPCpIIhAoK30QMAG8Oxs9FMtzeWszdaayBFIlKNDYri2Qb9ml_OONaQvCN...
http://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&utm_content=none&lid=irauriyogqvd&utm_term=growth-Email-04
https://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&utm_content=none&lid=irauriyogqvd&utm_term=growth-Email-04
https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_...

2 KB
2 KB

1415ms
17ms

Document
text/html

2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

510e32df5b6336de42dd6f2f05e3925a3710e959f2607048029e4fa0803f385f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age: 42
cache-control: max-age=60, stale-while-revalidate=120
content-encoding: gzip
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
content-type: text/html
date: Mon, 28 Oct 2024 13:17:18 GMT
etag: W/"18fa262bece4293db46b73dd1bd12c6c"
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-cf-id: 4b6agoYIXf4kDi8q8ltGAs9BmAOh5R7yYlDtlw1hO5FamgafWHAM3A==
x-amz-cf-pop: MUC50-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: BSZgbJMlL.gGW4_6OD2mKJc2PSrMCQsd
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Redirect headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
cache-control: no-cache, no-store
content-length: 0
content-type: application/octet-stream
date: Mon, 28 Oct 2024 13:17:42 GMT
location: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 0140ca34c2d577c2578595f0c9e0050e.cloudfront.net (CloudFront)
x-amz-cf-id: k_iGjwYKHkDxe6ZBgtIVpMS6ssQf9nmczRMGFFbjiHVhe6fCT8u-Ag==
x-amz-cf-pop: FRA56-P12
x-cache: Miss from cloudfront

GET
H2 200 3fe896b0fdfc5a9285d4b30a4d076a51.min.js Show response
js.sentry-cdn.com/ 3 KB
2 KB 1049ms
41ms Script
text/javascript 2a04:4e42:200::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.sentry-cdn.com/3fe896b0fdfc5a9285d4b30a4d076a51.min.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

83ddf53cffe04b61c96a98a130c5fe418655d776a88071fbbf2df351545d06b5

Security Headers

Name	Value
Content-Security-Policy	frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; base-uri 'none'; worker-src blob:; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; connect-src 'self' .algolia.net .algolianet.com .algolia.io sentry.io .sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; frame-ancestors 'self' .sentry.io; default-src 'none'; font-src data:; style-src * 'unsafe-inline'; object-src 'none'; img-src * blob: data:; media-src *; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=f53a3f731e8992ada89e0086a90f1ad9cf074a21
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://plan-management.gympass.com
Referer: https://plan-management.gympass.com/

Response headers

content-encoding: gzip
age: 86
x-envoy-attempt-count: 1
x-content-type-options: nosniff
date: Mon, 28 Oct 2024 13:17:45 GMT
content-type: text/javascript
x-served-by: getsentry-web-default-common-production-f96994b55-d89tc, cache-chi-kigq8000109-CHI, cache-mad2200105-MAD
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; base-uri 'none'; worker-src blob:; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; frame-ancestors 'self' *.sentry.io; default-src 'none'; font-src * data:; style-src * 'unsafe-inline'; object-src 'none'; img-src * blob: data:; media-src *; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=f53a3f731e8992ada89e0086a90f1ad9cf074a21
cache-control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
timing-allow-origin: *
x-envoy-upstream-service-time: 20
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1360
x-xss-protection: 1; mode=block

GET
H2 200 tag.js Show response
cdn.optimizely.com/datafiles/FUV4mdGUpp8SVpshiAz8W.json/ 28 KB
5 KB 794ms
61ms Script
application/json 2606:4700::6812:4239
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.optimizely.com/datafiles/FUV4mdGUpp8SVpshiAz8W.json/tag.js
Requested by: Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 135dea7ef027b03946ac08f5e4f9c3d39d6821dbd54466afdda3fddde44777c6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/

Response headers

access-control-max-age: 604800
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: wY7Srd.WclBA9_ROp6bIk97gfyM1kWMw
age: 29
access-control-allow-methods: GET, HEAD, OPTIONS
date: Mon, 28 Oct 2024 13:17:45 GMT
x-amz-meta-revision: 418
content-type: application/json; charset=utf-8
last-modified: Mon, 28 Oct 2024 12:47:43 GMT
vary: Accept-Encoding
x-amz-id-2: 5eOMVvA8PeELnXdmEIWBOLaQ1QJ6y/o+zzaz6WAeNTGU5Lboyeofpk+/GSveOy15w8P+XXfYLYq6qKeLNqosigsFtq+YfxdjT/wj3f5ETgM=
access-control-allow-headers: *
x-amz-replication-status: PENDING
cache-control: max-age=5
timing-allow-origin: *
x-amz-meta-pci_enabled: False
access-control-allow-credentials: false
cf-ray: 8d9b353629301c3c-FRA
x-amz-request-id: Z3CJ11ZFMTW9M7YV
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 main.5bd572ba70dbc918bb10.js Show response
plan-management.gympass.com/ 9 KB
6 KB 183ms
96ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

564a185c158672e29f4f3d5363fe6422c1d2ebb649342a1f94404f869f1f586d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: OHubmIGxyk8fyEoAfnj6lorwjc2zVFI_
etag: W/"2a144acfcfcc8c576fb4a112d54d576f"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: PPkjCrsth70XTpQO-5lk1H-8UrTums-X4DN6zMw0mdB-NCIvevDpYg==
date: Mon, 28 Oct 2024 13:17:18 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 remoteEntry.js Show response
plan-management.gympass.com/ 10 KB
6 KB 231ms
77ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/remoteEntry.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2688713625475bd3bb2b2bbaa6d9fe204b6b726f5bf3efd0d3a5497e5f60ca3f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: Xn81rGquSyppqxiYIGIABOuqzUqTDpXm
etag: W/"1de62c511977da4cc6b5280bc8ebd2ff"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: xjiAQtmgps7twwDDzdFsiTD4oP4VdMXM0zW-6qAKXDcfFVUX19SWww==
date: Mon, 28 Oct 2024 13:17:18 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:11 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bundle.tracing.replay.min.js Show response
browser.sentry-cdn.com/7.119.2/ 223 KB
71 KB 628ms
48ms Script
application/javascript 2a04:4e42:200::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/7.119.2/bundle.tracing.replay.min.js

Requested by

Host: js.sentry-cdn.com
URL: https://js.sentry-cdn.com/3fe896b0fdfc5a9285d4b30a4d076a51.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

a11f5c920310ada752a6de2ffa28df11b348c96238117069cf5e4edb6159d0ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://plan-management.gympass.com
Referer: https://plan-management.gympass.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
etag: "30a00f525a192cb2b32b8812e5e22f02"
age: 1091074
expires: Fri, 10 Oct 2025 16:02:19 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 72837
date: Mon, 28 Oct 2024 13:17:46 GMT
last-modified: Thu, 10 Oct 2024 14:52:50 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: Fastly

GET
H2 200 web_surveys.js Show response
survey.survicate.com/workspaces/0fe6aa950144b6d3d5b0aaaea35f4cd1/ 57 KB
11 KB 737ms
72ms Script
application/javascript 2400:52e0:1e00::1081:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://survey.survicate.com/workspaces/0fe6aa950144b6d3d5b0aaaea35f4cd1/web_surveys.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1081 /

Resource Hash

7b553a24c4dd9c2721e0f7727248e0dd0b6e34308afe4a0873931e793b6c7b70

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; connect-src https://respondent.survicate.com 'self'; img-src https://*; font-src https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://use.typekit.net https://fonts.gstatic.com; report-to csp-endpoint-survey;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "56138f945fb4b6363663b1f57272b28e"
x-amz-version-id: _MG.NFUFXghO.ISLUJ9KkK4eEz3tw4dr
report-to: { "group": "csp-endpoint-survey", "max_age": 10886400, "endpoints": [{ "url": "https://panel-api.survicate.com/_/report_csp/survey" }] }
x-content-type-options: nosniff
last-modified: Mon, 28 Oct 2024 12:29:12 GMT
content-type: application/javascript; charset=utf-8
cdn-cachedat: 10/28/2024 12:31:00
cdn-cache: HIT
cache-control: max-age=300
cdn-requestpullsuccess: True
cdn-pullzone: 1158558
cdn-proxyver: 1.05
x-amz-request-id: HGXMTENH3K7T29D9
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 1; mode=block
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1081
cdn-requestcountrycode: DE
date: Mon, 28 Oct 2024 13:17:46 GMT
vary: Accept-Encoding
x-amz-id-2: lQ823H4HRc6KaV0s/1iuDQMjCavjDWqv/URd/09K6qCH2kUAR+cRBEvncr9bsH9ZJXeRryN34uo=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
content-security-policy: default-src 'self' 'unsafe-inline' https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; connect-src https://respondent.survicate.com 'self'; img-src https://*; font-src https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://use.typekit.net https://fonts.gstatic.com; report-to csp-endpoint-survey;
cdn-requesttime: 0
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
cdn-requestid: 9562f1ac43c912b8e21e56ed1e7a5ef2
access-control-allow-origin: *

GET
H2 200 93.53c12d3adef9af78756a.js Show response
plan-management.gympass.com/ 322 KB
97 KB 189ms
58ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/93.53c12d3adef9af78756a.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

ecfd31bc10a01aaf1dbe66af6830ac97a96d7701746481a950f85f96953fac0e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: oBa7cJ5n3VS76rBLL4pTQ0UKMCd5Diqt
etag: W/"5cb9ccebaeb20acd4b789f4d9f5e5bca"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 5be9JClirhRqNIhx7V8-azfNO99WqSUCotgt7QWVBjKn13zMIqglXA==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 384.b746e1b5814e24582451.js Show response
plan-management.gympass.com/ 62 KB
17 KB 188ms
69ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/384.b746e1b5814e24582451.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

686128365fca0e3963a7e4b4064ec01cfeee9bc6356bebf109231caddfd0e427

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: 0U4AzrxqD4I9TINSXb2jsDsJHbcSDzZ_
etag: W/"2614d1fb0ebf2b6033f9d6f7b866fbef"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 8UhJS-yI93ZTCd0OOsV4WWAVfFB3npweCbW2icOlgwxmyT1NC7hwTA==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 44.e322342dd2e91d3d7d71.js Show response
plan-management.gympass.com/ 252 KB
76 KB 189ms
59ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/44.e322342dd2e91d3d7d71.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

804c7c73e1ef549a8d6f15d5d55a93eab49812b0e2ebd87a8d95f0d8c7d3a80d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: SNNxgMJloSp9mFIXUqKe1Zcd3ZKrQHJq
etag: W/"119753bc8820a05ac1ef1e2f9e208fea"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: HncaYrgN_SGO26QZJrFIlxKWkcTpGwq6EwwfuQY5R5Pk_ks-j5nj3w==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 976.7363378912f470acb9ca.js Show response
plan-management.gympass.com/ 7 KB
4 KB 320ms
191ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/976.7363378912f470acb9ca.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

88720ddf944a88dad1df1a3f52bb88232d4cfe01180808074f7f8663ee40379a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: ypVhFFcv4rSpymRmscVNlBy60o6p34zr
etag: W/"87c214908baad0a910c1ceb9e6a2d5d3"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: YNyGZjPiQYha3fywGNI6EMiLCL2KL6XDXZ4GrMHA3KFkvkQdRmYYLw==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 632.264ed409ad0182b5fc85.js Show response
plan-management.gympass.com/ 30 KB
13 KB 323ms
194ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/632.264ed409ad0182b5fc85.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4217359f397700540edf53ad297b3b8dfc00933dc0763d5cabeafb6e12882ede

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: QxrJ5fQYfY9WTMCOi8uYJ2Rej9jULMG5
etag: W/"ed2ac714b3bdc05a9802e4bb911ff22e"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: fE5Ozavs1LLQGTasyxLPbUoY-40QBBfaC4tgtyNyRIVP1aFzeowzEw==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 460.5604ca0b9a0050f7736a.js Show response
plan-management.gympass.com/ 272 KB
32 KB 313ms
185ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/460.5604ca0b9a0050f7736a.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6868614870d1002e1d5b6d07549215adace6af6f5072e394cd70777f8055a70a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: 2sXfI_2.40DSqf4.yx5xzYbrxOElTYgi
etag: W/"cee2f49afa35069569e708008c1652de"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: nibPSm9RQYPYSJB6JdyqPezoTwx4mSW60YrC7HGPw5kLfrH72FBT2g==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 788.e434ea51ddda2b164602.js Show response
plan-management.gympass.com/ 36 KB
15 KB 370ms
243ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/788.e434ea51ddda2b164602.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

44a86d3de5f2328789646f288cc9e679bc60b386473d92d4c977ac77af53a70c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: zn5tvAHM.CQoc41ApSzZ093fHvzaYVAq
etag: W/"bb27bb0959402694549b5940510eb695"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: W3844OIdYgIBxycdCMedpi3YMlOWPo6nqpEH1y9iC4FNuCwNyUphFw==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 818.3b6048ced5df2c13bdee.js Show response
plan-management.gympass.com/ 50 KB
18 KB 367ms
240ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/818.3b6048ced5df2c13bdee.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

87ef710528a85f4b0460bf80267ed86ea94fdc159781a671a211d7c3fcef53f2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: I9IcR5S6uM10o8_6S25f90DDKgu3U1cg
etag: W/"6b3eeb23eb9cee7a93add6722a24c812"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: FPgiz_tT2qqGq8W-xGg_IKQDhMU2WDksWyA-hiRXVpR097dCFePZsw==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 935.fe179eb2168a58d913a1.js Show response
plan-management.gympass.com/ 131 KB
44 KB 386ms
259ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/935.fe179eb2168a58d913a1.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

dd20cb1f11446576f85f631a9bace7591031c6fd06957ef1ccafcf637c627210

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: fnzEm3IYUAgd.1SWxrbeaRoJrIvYgNAL
etag: W/"4f0e324cf5c19f3f62f3dbe70836cc83"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: bATXTZbg9hQQhEQPfU8bqhZ4fSIRxe8dktCzzQ83JaqqOjsLseh28w==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 271.6ec78d55a0af1079fc46.js Show response
plan-management.gympass.com/ 676 KB
159 KB 402ms
276ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/271.6ec78d55a0af1079fc46.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0b7babfd21c7b68ad33fb05a8efcb81287001aa574792b67058a8ab849a70418

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: Sq3dFL6aMAWFja8GmEicrp.kQYvdZDo.
etag: W/"352467cb58b44c61f3284153eadd99cc"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: NMqsSNsUaaSFfhXXdyfPo-tZm2c7A_V3lXAk8nKeqb4KWuKln-NttQ==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:09 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 893.daf5506625db07a59285.js Show response
plan-management.gympass.com/ 1 KB
2 KB 728ms
603ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/893.daf5506625db07a59285.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1add0f64809ab1da27412a9ab523cd7430c3a8b602655d98f70e574d7e4f3092

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: ntlA6maonntwz_7z0jFKdIBe97k2BEfW
etag: W/"5d043f7749cadc4baa1c6e32950c87ea"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: ciZHZhbVHZ74sYZkDLnAIjTvV8RoH1I3wbtMhSM3ifvNBmq22SjQZw==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 496.305b98fba1134a1cc1f6.js Show response
plan-management.gympass.com/ 37 KB
13 KB 727ms
604ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/496.305b98fba1134a1cc1f6.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1212efdbc0918a0495939c2b0c4e6abfc09e29cd11b93ab225e863af2b5a95d2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: mfXRGAM0IYeTDqu6Ra0ejg3i3eRERMCO
etag: W/"954ed18cdfed963ce6514cccdf55a0f2"
age: 43
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 8IO-h13_jokNp8ptgfAnOmNC4c2SMTUh88ESdnFl4rik6LYbPYffbQ==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 fonts.css
surveys-static.survicate.com/fonts/ 8 KB
2 KB 433ms
15ms Stylesheet
text/css 2400:52e0:1e00::1079:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://surveys-static.survicate.com/fonts/fonts.css

Requested by

Host: survey.survicate.com
URL: https://survey.survicate.com/workspaces/0fe6aa950144b6d3d5b0aaaea35f4cd1/web_surveys.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1079:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1079 /

Resource Hash

789e8685a564e07274fec164118e89fa040ff2779c6efe3d781b94aeea6f06eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "c010d2df3fedabc7f87b52ab6c64fb45"
x-amz-version-id: DKfYFJEsnO6tE9_NLnsroT_BTwaFxnx2
x-content-type-options: nosniff
last-modified: Tue, 18 Jun 2024 14:03:49 GMT
content-type: text/css
cdn-cachedat: 09/24/2024 07:53:43
cdn-cache: HIT
cache-control: public, max-age=604800
cdn-requestpullsuccess: True
cdn-pullzone: 1133799
cdn-proxyver: 1.04
x-amz-request-id: B3DMVX0F47C3YHRA
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 1; mode=block
cdn-edgestorageid: 756
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: DE
date: Mon, 28 Oct 2024 13:17:47 GMT
vary: Accept-Encoding
x-amz-id-2: QgyOJ367W4PAgmlGH55N9sWxpo3eJoqhaSLEqhYAwpD0c74sFOcOG5bhU4kd/iGsiho1Ww4GyAw=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
content-security-policy: default-src 'self'
cdn-requesttime: 0
x-frame-options: DENY
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
cdn-requestid: 1c0b751858c9eb2e1cae1b68a5ad266f
access-control-allow-origin: *

GET
H2 200 widget_core-24.17.3.js Show response
surveys-static.survicate.com/ 467 KB
110 KB 459ms
43ms Script
application/x-javascript 2400:52e0:1e00::1079:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://surveys-static.survicate.com/widget_core-24.17.3.js

Requested by

Host: survey.survicate.com
URL: https://survey.survicate.com/workspaces/0fe6aa950144b6d3d5b0aaaea35f4cd1/web_surveys.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1079:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1079 /

Resource Hash

f2aeafe9eb63656f5c0cd803fbc74148edba5894a78b4a20ff93e775d97df2a5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://plan-management.gympass.com
Referer: https://plan-management.gympass.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "fed5006f15ade83f61127748d354b4b5"
x-amz-version-id: j6o2.5IetcYaLOrzkRfV3wVU60pJ1W5J
x-content-type-options: nosniff
last-modified: Thu, 24 Oct 2024 10:23:02 GMT
content-type: application/x-javascript
cdn-cachedat: 10/24/2024 11:01:04
cdn-cache: HIT
cache-control: public, max-age=604800
cdn-requestpullsuccess: True
cdn-pullzone: 1133799
cdn-proxyver: 1.04
x-amz-request-id: TKBZTPASD1D0E10X
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 1; mode=block
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: DE
x-amz-meta-codebuild-content-sha256: 25f62c257ad8c8576f6ae2ed1d5c287327a4dcc44ae5e0be7279822c61fa14da
access-control-max-age: 3600
x-amz-meta-codebuild-content-md5: 06b813c60a0181c345a9f432be15141f
access-control-allow-methods: GET
date: Mon, 28 Oct 2024 13:17:47 GMT
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:121050345386:build/prd-static:b1a63d21-0708-45a2-ba5c-ea59bd945168
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Vh0J2hBKlWq8NpgM4YvGDPHuSGmO7QEXZDThNYmkteGzvG+wyNhZZzN9AruSxwrR+j9IdqBZndE=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
content-security-policy: default-src 'self'
x-frame-options: DENY
cdn-requesttime: 0
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
cdn-requestid: 623be910ff66a8ba884f3f678bb686ad
access-control-allow-origin: *

POST
H2 200 / Show response
o4504963224764416.ingest.sentry.io/api/4506541754744832/envelope/ 2 B
300 B 387ms
10ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o4504963224764416.ingest.sentry.io/api/4506541754744832/envelope/?sentry_key=3fe896b0fdfc5a9285d4b30a4d076a51&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.119.2

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.119.2/bundle.tracing.replay.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://plan-management.gympass.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Mon, 28 Oct 2024 13:17:49 GMT
content-type: application/json
vary: origin, access-control-request-method, access-control-request-headers
server: nginx

GET 62bca2e7-c5bf-48d0-9b7f-1939d6f1f492
https://plan-management.gympass.com/ Frame 0
0

GET
H2 200 Primary Request auth Show response
identity.gympass.com/auth/realms/master/protocol/openid-connect/ 131 KB
133 KB 703ms
404ms Document
text/html 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3Dirauriyogqvd%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Dlatam-br_b2c_raffle-2024_______0924%26af_channel%3Demail%26utm_term%3Dgrowth-Email-04%26c%3Dfirst_purchase&state=4e600092-ae72-47bd-a982-77f5e46f5048&response_mode=query&response_type=code&scope=openid

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/460.5604ca0b9a0050f7736a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

5e36a70ec67d627cabfa08c3bb695b0ff8c914dd28ab9198282f784bc3f17da0

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' https://.google.com; frame-ancestors 'self' https://.google.com https://*.gympass.com; object-src 'none'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-store, must-revalidate, max-age=0
content-language: de
content-security-policy: frame-src 'self' https://*.google.com; frame-ancestors 'self' https://*.google.com https://*.gympass.com; object-src 'none'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com 'unsafe-eval' 'unsafe-inline'
content-type: text/html;charset=utf-8
date: Mon, 28 Oct 2024 13:17:51 GMT
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-amz-cf-id: 0S5ZJmc_bsZ_utqpgL9V-d78I2D5bfCXZGZi6HXUx9v0qFoxTWt-3g==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: none
x-xss-protection: 1; mode=block

GET
H2 200 favicon.ico
plan-management.gympass.com/ 15 KB
16 KB 65ms
25ms Other
image/vnd.microsoft.icon 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

x-amz-version-id: Yb8rnKT.p.Z17I_BFE3sDVg8WRoqXyWk
etag: "05b7cc8e3e241068b2ad5c00d38a8f04"
age: 62
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: PA0JPfoE7hWLPvMi_WyhOBlcZM_Mab_m0cWavYXjlTpY-GSS7v9ZdA==
date: Mon, 28 Oct 2024 13:17:50 GMT
content-type: image/vnd.microsoft.icon
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 15406
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 859.04afda5018b8384ff95a.js
plan-management.gympass.com/ 11 KB
4 KB 63ms
33ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/859.04afda5018b8384ff95a.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: dNY.Mj1Xnu9wNuus_ZqJUpnR1aK5.UDX
etag: W/"27da1e7bdd69b8243b61e276b521695a"
age: 2
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: PgacfrV-pTIAZHP5ayQVz_2d238LDqDP0R71snHUAnBBGHP67WcPOQ==
date: Mon, 28 Oct 2024 13:17:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 488.440259d3b73f7f5e0bdc.js
plan-management.gympass.com/ 20 KB
8 KB 61ms
32ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/488.440259d3b73f7f5e0bdc.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: iFH8nYbyDVKUUZKqf3P0W84VLvuQcb3v
etag: W/"3b3f088dadd48b841a946cdbad65a6b8"
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: Uts3fKqKTxbInC-SmWXfehiepYFXRtjG2izhIO0Ker2ZIIHdT0EGEg==
date: Mon, 28 Oct 2024 13:17:51 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 33.959e211d82b1f46b38b6.js
plan-management.gympass.com/ 15 KB
6 KB 60ms
32ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/33.959e211d82b1f46b38b6.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: W51wPJWfRQSCL_aDLXLJGf0ktTF6J5RR
etag: W/"6eea66afc67dfb874f7fe119481f2a56"
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: znPv0L7VuSjw-Xh31ZVx_MPT7LD0wwUYn7dha_lW0GObJX3lRPzHiA==
date: Mon, 28 Oct 2024 13:17:51 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:09 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 3.86876d1328fc461c540d.js
plan-management.gympass.com/ 28 KB
10 KB 61ms
33ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/3.86876d1328fc461c540d.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: j4JdSnSKTxX5yo.RyZnV6o07HneQqEbe
etag: W/"5a701e5c0f4615378da4d272acdf1828"
age: 62
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-amz-cf-id: lJoeBBcDGWFh5UYgWNIPBofvIyS9qkhDQzNhuRoZDDhvQksOvVArPQ==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:09 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 684.68cf2f25917a9b814cf4.js
plan-management.gympass.com/ 29 KB
12 KB 62ms
33ms Script
application/javascript 2600:9000:237d:2c00:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/684.68cf2f25917a9b814cf4.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5bd572ba70dbc918bb10.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:237d:2c00:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=irauriyogqvd&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=latam-br_b2c_raffle-2024_______0924&af_channel=email&utm_term=growth-Email-04&c=first_purchase

Response headers

content-encoding: gzip
x-amz-version-id: _zpanjK4ak71qPomLrNHBOpEpjXwVFRQ
etag: W/"b5b8cdc1acd10785bf8f275ac4d11d49"
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: oyjPIO1p444xLbyw2pUDT0hCv4erOUX_AKisg8zF_Wvb6to6Nf1f7w==
date: Mon, 28 Oct 2024 13:17:51 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:26:10 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.survicate-cdn.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com *.survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com *.survicate.com; font-src 'self' fonts.gstatic.com *.survicate.com *.survicate-cdn.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net *.survicate.com *.survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
cache-control: max-age=60, stale-while-revalidate=120
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

POST /
o4504963224764416.ingest.sentry.io/api/4506541754744832/envelope/ 0
0

GET
H2 200 Inter-Regular.woff2
statics-account.gympass.com/assets/fonts/Inter/ 106 KB
107 KB 386ms
46ms Font
font/woff2 2600:9000:26da:4200:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Regular.woff2

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3Dirauriyogqvd%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Dlatam-br_b2c_raffle-2024_______0924%26af_channel%3Demail%26utm_term%3Dgrowth-Email-04%26c%3Dfirst_purchase&state=4e600092-ae72-47bd-a982-77f5e46f5048&response_mode=query&response_type=code&scope=openid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26da:4200:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b6f9db9e45be20f3c1312c97fbee7ec36b7d8280f8caa4d53c9ba0408cc9997a

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag
x-amz-version-id: KsTgzOS.r6MuauQo_o9CTx6jvagX8Qtu
etag: "46a1550a4bbaccd13a8eb46a359a9f89"
age: 33
access-control-allow-methods: POST, GET, HEAD
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: EAUyykRHGqtjd1tCFMo1C6ZWWwYxiBwxkMxBpHQetD0ZHni1pyYfmQ==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 108488
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-Bold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 108 KB
110 KB 388ms
49ms Font
font/woff2 2600:9000:26da:4200:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Bold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26da:4200:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

220976705fbec109f43c5cfdceca639e99ace7e51f3eb67292b105d3575eb39b

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag
x-amz-version-id: OZiGcnXNiEWUIsft_qEgV3xVukY1WRrc
etag: "279e5a64038565325a5fda8f14a9b9ec"
age: 33
access-control-allow-methods: POST, GET, HEAD
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 5VoOfeK3l-cZY-rlbxCsN7j8DEhbQnWKSqLC_jkyYhw2qqaraRV0cA==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 111040
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-ExtraBold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 414ms
75ms Font
font/woff2 2600:9000:26da:4200:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-ExtraBold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26da:4200:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

98023dd780794f5f7f580bb0e8ca24591bc45f44f31c2c39bfd146c1d104cc4f

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag
x-amz-version-id: Jms_RyOoBmAYZk57LYA4tJVU.zFModML
etag: "bfed6ba70058e1d8734fa9b2ddd41467"
age: 33
access-control-allow-methods: POST, GET, HEAD
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: W6CCWsphPLnB1QIrzaSzS2nIxvoCWVN-XcadtaqXKKnapXj6MYHs8A==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 111360
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-Medium.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 481ms
143ms Font
font/woff2 2600:9000:26da:4200:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Medium.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26da:4200:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8458f8afa67b5691c1fcbe51607a2dafb53a9839e48131c608a186b65415d96d

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag
x-amz-version-id: qY5a2luHZhE6GY4hiITJ00MToRnIC_tK
etag: "60824932303e81c4af185cd9229dd24b"
age: 33
access-control-allow-methods: POST, GET, HEAD
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: EYjAAwDEKXC1TA9m4kcwd4MhvMxCCemWrvZUzQrkg5C0tiEhqegE0Q==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 111380
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-SemiBold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 484ms
146ms Font
font/woff2 2600:9000:26da:4200:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-SemiBold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26da:4200:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8e52a861dc26ff4608c50bd7ff89b65d0d6216a2afe7b47ce5d84544811ca400

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag
x-amz-version-id: Y.bwOJDfFhKAjf3wIUtXHWvrnqv_dqPP
etag: "01fdc3828f4efe9208e2149531a8933d"
age: 33
access-control-allow-methods: POST, GET, HEAD
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: cl0HTj17XNeuSvHIYteJCMzmBOzuwYKMUNDCLK0jscMoB0XFR7Xfaw==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 111588
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 modal.css
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/ 2 KB
998 B 170ms
66ms Stylesheet
text/css 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/modal.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

4207d62d7276da8cd602cb8c4223e53b080923ac9bea36a1ad2949068ba87d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
content-encoding: br
age: 70268
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: ixiYso9ltHxahROI6mj6XV4ekCNHknfhDA99KnCAaV9cVyeG-dg2Vw==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P4

GET
H2 200 reset.css
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/ 1 KB
941 B 142ms
40ms Stylesheet
text/css 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/reset.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

8fe7d7be43cafdca862870fa7d0ee1c5ca53a66db3f09ebd0cbb7044a015849f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
content-encoding: br
age: 70268
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 757bhcsQ3TsBSP0Dgtb2KHB7scgIxe24alTJTQIQzqQ-FpbgSQmbXg==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P4

GET
H2 200 login.css
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/ 22 KB
4 KB 142ms
39ms Stylesheet
text/css 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/login.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

abad031efd28350819daa36a6fd339176845f8c5364cae98e82059d96a7d1911

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
content-encoding: br
age: 70268
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 9Wr3Hf8Vu65kL6MwR4jpAKM5XRUkalKqVM4d8VZCtTUUcUmZ_8hH6A==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P4

GET
H2 200 button.css
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/ 2 KB
947 B 142ms
40ms Stylesheet
text/css 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/button.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

1365972254748c92191312089162bb0449aa84c644570f0cf5148617f50ee5fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
content-encoding: br
age: 70268
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: PUQ7dJIgeJjWWVITNvgpCjR_z6dP1ecGlr_SaXFuV5eD6EFue4V97w==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P4

GET
H2 200 input.css
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/ 2 KB
937 B 166ms
65ms Stylesheet
text/css 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/input.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

52d8ddb23163eafbdd89a29b93088c5be2cf2fa4fd4797b15bc049f14915d213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
content-encoding: br
age: 26266
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: NRUTXc3nm9xuufS8Mx6wU-zYf88x9K4dJHD8_CU56r90V0MFHwPV_w==
date: Mon, 28 Oct 2024 06:00:05 GMT
x-xss-protection: 1; mode=block
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P4

GET
H2 200 alert.css
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/ 411 B
781 B 165ms
64ms Stylesheet
text/css 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/alert.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

35f33a00d0dff833d93ed972f14cbde6dcf9890f7771b4dced36b88625f8bdc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
age: 70268
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 411
x-amz-cf-id: 1LTeRCACsm4kWXAgDxFMbHnEpVUPXrIDI5uQFduFEFw3aQlIi78dEQ==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/css;charset=UTF-8
x-amz-cf-pop: FRA56-P4

GET
H2 200 fonts.css
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/ 10 KB
1019 B 166ms
65ms Stylesheet
text/css 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/fonts.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

c08654e9ff0f610b4c5dde1f8ff5c67f53330c84ddd10ecc480fa231ff26cf0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
content-encoding: br
age: 70268
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: i55w3qJ51lA76b0HN0TRdyiBs56_kLthc29FVH8N1BGQM79CD5EV3A==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P4

GET
H2 200 lottie.min.js Show response
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/ 259 KB
260 KB 195ms
78ms Script
text/javascript 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/lottie.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

e3e985f5df9224b3a4902e6efdfdc070c1fadee5f5dad5d365de7d81c15f23c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000
age: 70268
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: Gwn3N34OGYfSCW1MFntq3M_1qPD5zF3MaiyqZQWD20MlZavri4QCdQ==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=UTF-8
x-amz-cf-pop: FRA56-P4

GET
H2 200 jquery.min.js Show response
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/node_modules/jquery/dist/ 85 KB
86 KB 137ms
20ms Script
text/javascript 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/node_modules/jquery/dist/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000
age: 26266
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: AXLM6rk0ONlHb7ukOBa1w3EJMmQVTlpga6_lwWakSz_tTP1NovcmwA==
date: Mon, 28 Oct 2024 06:00:05 GMT
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=UTF-8
x-amz-cf-pop: FRA56-P4

GET
H2 200 input.js Show response
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/ 1014 B
688 B 18ms
17ms Script
text/javascript 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/input.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

e589c3d302a4e3f8f21140fda9d1218766f536cf43291f02dec081bd818545e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
content-encoding: br
age: 70269
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: bRrmbaj6SdkHdXcc7Hth8PuTrIItOl5ovUFFhgs_bIPuNsUBoycpVg==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P4

GET
H2 200 modal.js Show response
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/ 871 B
1 KB 33ms
32ms Script
text/javascript 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/modal.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

fd97c8e0bce3f85ed136ccae5b0dce9604f254ec2b7c2c8bae37f112548ca0e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
age: 14287
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 871
x-amz-cf-id: sGsR2vUYQJKdn2EpwDtBB-xy6RYyqCR4qdksGwz3utIxT5KECswRCQ==
date: Mon, 28 Oct 2024 09:19:45 GMT
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=UTF-8
x-amz-cf-pop: FRA56-P4

GET
H2 200 common.js Show response
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/ 4 KB
2 KB 363ms
246ms Script
text/javascript 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/common.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

8b93ca3a934272becda5210d99402df3504c8c477eaf45fc9f0d8cdd9f4a1e1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
content-encoding: br
age: 70268
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 7za2tXyqgCyORTvVP65IdbscJ-6-SHFDAF52vkKumbNUGXebMSQN_g==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P4

GET
H2 200 first-step.js Show response
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/ 262 B
636 B 355ms
252ms Script
text/javascript 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/js/first-step.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

7b146c3101d495f5e6deaa9ad5ee4c9aea83317a97cfb7c554fd3d6d3562d0b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
age: 70268
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 262
x-amz-cf-id: 7lJjlrzA7e5jRqRhx46camCeSV9xvm2eoLzXj1K_x9lqtSp3yQmqJA==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: text/javascript;charset=UTF-8
x-amz-cf-pop: FRA56-P4

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 347ms
124ms Script
text/javascript 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?hl=de&onload=onRecaptchaLoad&render=6Lf32yUqAAAAAJfxa-87-L5ga_kDepDn0ormX01R

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

ESF /

Resource Hash

9276c1455a0915978db7512b0412d13983970a27002cb31fd4e8f434681abf53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 13:17:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Mon, 28 Oct 2024 13:17:51 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 RebrandingLogo.png
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/img/ 47 KB
47 KB 356ms
257ms Image
image/png 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/img/RebrandingLogo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

90275db647cd06dd41e3605624992b11d3223f4a864fc1ec6ce17448a6756bbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000
age: 70267
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: yZgKqL2egNoxLUNxZKLRP4acOvKQnMXT5EdwzXRSN16H0m-b4uEWcg==
date: Sun, 27 Oct 2024 17:46:43 GMT
x-xss-protection: 1; mode=block
content-type: image/png
x-amz-cf-pop: FRA56-P4

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/ 547 KB
217 KB 61ms
22ms Script
text/javascript 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?hl=de&onload=onRecaptchaLoad&render=6Lf32yUqAAAAAJfxa-87-L5ga_kDepDn0ormX01R

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

5abe2a12140edf2387d5be35225df3caa4f0f0a05d8f5614008c8cc90af4a156

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

content-encoding: gzip
age: 37511
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Tue, 28 Oct 2025 02:52:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 28 Oct 2024 02:52:41 GMT
last-modified: Tue, 22 Oct 2024 00:01:33 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 222594
x-xss-protection: 0
server: sffe

GET
H2 200 Inter-Regular.woff2
statics-account.gympass.com/assets/fonts/Inter/ 106 KB
107 KB 42ms
27ms Font
font/woff2 2600:9000:26da:4200:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Regular.woff2?v=4.0

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26da:4200:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b6f9db9e45be20f3c1312c97fbee7ec36b7d8280f8caa4d53c9ba0408cc9997a

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag
x-amz-version-id: KsTgzOS.r6MuauQo_o9CTx6jvagX8Qtu
etag: "46a1550a4bbaccd13a8eb46a359a9f89"
age: 34
access-control-allow-methods: POST, GET, HEAD
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: zH9tY_TsGTGhEF97OVc1Sf0eIajf5-YdysvsNznmK_ZVmNSKoiJQUQ==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 108488
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-Bold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 108 KB
110 KB 49ms
36ms Font
font/woff2 2600:9000:26da:4200:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Bold.woff2?v=4.0

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26da:4200:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

220976705fbec109f43c5cfdceca639e99ace7e51f3eb67292b105d3575eb39b

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag
x-amz-version-id: OZiGcnXNiEWUIsft_qEgV3xVukY1WRrc
etag: "279e5a64038565325a5fda8f14a9b9ec"
age: 34
access-control-allow-methods: POST, GET, HEAD
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: -fsOhBQ8sKOs_Q5LNsdjmN-J-q3FItFqC_Hglns7YwmxxL6OuvAgyw==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 111040
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-Medium.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 93ms
84ms Font
font/woff2 2600:9000:26da:4200:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Medium.woff2?v=4.0

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26da:4200:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8458f8afa67b5691c1fcbe51607a2dafb53a9839e48131c608a186b65415d96d

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag
x-amz-version-id: qY5a2luHZhE6GY4hiITJ00MToRnIC_tK
etag: "60824932303e81c4af185cd9229dd24b"
age: 34
access-control-allow-methods: POST, GET, HEAD
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: tL8HbtYXw-vPP25ov8IDJdl9KuZg-z83SjSGoM6oPmZ-5WNgjOq5zA==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 111380
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-SemiBold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 66ms
57ms Font
font/woff2 2600:9000:26da:4200:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-SemiBold.woff2?v=4.0

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/css/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26da:4200:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8e52a861dc26ff4608c50bd7ff89b65d0d6216a2afe7b47ce5d84544811ca400

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://identity.gympass.com
Referer

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag
x-amz-version-id: Y.bwOJDfFhKAjf3wIUtXHWvrnqv_dqPP
etag: "01fdc3828f4efe9208e2149531a8933d"
age: 34
access-control-allow-methods: POST, GET, HEAD
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: nRo2JYXeWBii-Eje8Lo5jhPpmIBz2f_vRGfG-NqQd7V9fn-cAc8cYA==
date: Mon, 28 Oct 2024 13:17:19 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 111588
x-xss-protection: 1; mode=block
x-amz-cf-pop: MUC50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame D047 0
0 142ms
35ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lf32yUqAAAAAJfxa-87-L5ga_kDepDn0ormX01R&co=aHR0cHM6Ly9pZGVudGl0eS5neW1wYXNzLmNvbTo0NDM.&hl=de&v=-ZG7BC9TxCVEbzIO2m429usb&size=invisible&cb=nqf5f61f30nj

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-COeqHs3rPP3x3jEv5IJwbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-COeqHs3rPP3x3jEv5IJwbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 28 Oct 2024 13:17:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 favicon-32x32.png
identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/img/ 2 KB
2 KB 24ms
21ms Other
image/png 52.222.236.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.7/login/gympass-4.0/img/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-27.fra56.r.cloudfront.net

Software

Resource Hash

5c9e3816dab4271fddbd5a4e2e04c6cf6577867ed35308441d3c66c0bafaa8e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000;includeSubDomains
cache-control: max-age=2592000
age: 84704
x-content-type-options: nosniff
referrer-policy: no-referrer
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 2092
x-amz-cf-id: sSaFmG_KNU2MRlADYOo8h6qLfsLlBTxVJ_fjDNd4LC2-yvkbwRWX_w==
date: Sun, 27 Oct 2024 13:46:09 GMT
x-xss-protection: 1; mode=block
content-type: image/png
x-amz-cf-pop: FRA56-P4

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: plan-management.gympass.com
URL: blob:https://plan-management.gympass.com/62bca2e7-c5bf-48d0-9b7f-1939d6f1f492

Domain: o4504963224764416.ingest.sentry.io
URL: https://o4504963224764416.ingest.sentry.io/api/4506541754744832/envelope/?sentry_key=3fe896b0fdfc5a9285d4b30a4d076a51&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.119.2

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
identity.gympass.com/auth/realms/master/	1969-12-31 23:59:59	Name: AUTH_SESSION_ID Value: z6a140555-fb98-467e-92be-7d8ad385ba0e.keycover-6b4565dc8b-9nk84-18405
identity.gympass.com/auth/realms/master/	1969-12-31 23:59:59	Name: AUTH_SESSION_ID_LEGACY Value: z6a140555-fb98-467e-92be-7d8ad385ba0e.keycover-6b4565dc8b-9nk84-18405
identity.gympass.com/auth/realms/master/	1969-12-31 23:59:59	Name: KC_RESTART Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqd3Quc2lna2V5In0.eyJjaWQiOiJtb2JpbGUtc3NvIiwicHR5Ijoib3BlbmlkLWNvbm5lY3QiLCJydXJpIjoiaHR0cHM6Ly9wbGFuLW1hbmFnZW1lbnQuZ3ltcGFzcy5jb20vP2FmX3hwPWN1c3RvbSZvcmlnaW49bWt0JmxpZD1pcmF1cml5b2dxdmQmc291cmNlX2NhbGxlcj11aSZwaWQ9YnJhemUmdXRtX2NvbnRlbnQ9bm9uZSZ1dG1fc291cmNlPWJyYXplJnNob3J0bGluaz1nOXBlMWU0cCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1sYXRhbS1icl9iMmNfcmFmZmxlLTIwMjRfX19fX19fMDkyNCZhZl9jaGFubmVsPWVtYWlsJnV0bV90ZXJtPWdyb3d0aC1FbWFpbC0wNCZjPWZpcnN0X3B1cmNoYXNlIiwiYWN0IjoiQVVUSEVOVElDQVRFIiwibm90ZXMiOnsic2NvcGUiOiJvcGVuaWQiLCJpc3MiOiJodHRwczovL2lkZW50aXR5Lmd5bXBhc3MuY29tL2F1dGgvcmVhbG1zL21hc3RlciIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6Ly9wbGFuLW1hbmFnZW1lbnQuZ3ltcGFzcy5jb20vP2FmX3hwPWN1c3RvbSZvcmlnaW49bWt0JmxpZD1pcmF1cml5b2dxdmQmc291cmNlX2NhbGxlcj11aSZwaWQ9YnJhemUmdXRtX2NvbnRlbnQ9bm9uZSZ1dG1fc291cmNlPWJyYXplJnNob3J0bGluaz1nOXBlMWU0cCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1sYXRhbS1icl9iMmNfcmFmZmxlLTIwMjRfX19fX19fMDkyNCZhZl9jaGFubmVsPWVtYWlsJnV0bV90ZXJtPWdyb3d0aC1FbWFpbC0wNCZjPWZpcnN0X3B1cmNoYXNlIiwic3RhdGUiOiI0ZTYwMDA5Mi1hZTcyLTQ3YmQtYTk4Mi03N2Y1ZTQ2ZjUwNDgiLCJyZXNwb25zZV9tb2RlIjoicXVlcnkifX0.fYcnHwTjAua3ccV6j5fIOKgvbqarGN_Aw88gt5AdqMc
.gympass.com/	1970-01-21 00:35:23	Name: _sp_ses.d9bd Value: *
.gympass.com/	1970-01-21 10:11:21	Name: _sp_id.d9bd Value: 1dd8751e-342b-4416-babc-2a4b5eb6d89b.1730121470.1.1730121470..6f422ff1-8094-4a00-80d1-38f179782a59....0

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3Dirauriyogqvd%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Dlatam-br_b2c_raffle-2024_______0924%26af_channel%3Demail%26utm_term%3Dgrowth-Email-04%26c%3Dfirst_purchase&state=4e600092-ae72-47bd-a982-77f5e46f5048&response_mode=query&response_type=code&scope=openid Message: The resource https://statics-account.gympass.com/assets/fonts/Inter/Inter-ExtraBold.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3Dirauriyogqvd%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Dlatam-br_b2c_raffle-2024_______0924%26af_channel%3Demail%26utm_term%3Dgrowth-Email-04%26c%3Dfirst_purchase&state=4e600092-ae72-47bd-a982-77f5e46f5048&response_mode=query&response_type=code&scope=openid Message: The resource https://statics-account.gympass.com/assets/fonts/Inter/Inter-Regular.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3Dirauriyogqvd%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Dlatam-br_b2c_raffle-2024_______0924%26af_channel%3Demail%26utm_term%3Dgrowth-Email-04%26c%3Dfirst_purchase&state=4e600092-ae72-47bd-a982-77f5e46f5048&response_mode=query&response_type=code&scope=openid Message: The resource https://statics-account.gympass.com/assets/fonts/Inter/Inter-Medium.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3Dirauriyogqvd%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Dlatam-br_b2c_raffle-2024_______0924%26af_channel%3Demail%26utm_term%3Dgrowth-Email-04%26c%3Dfirst_purchase&state=4e600092-ae72-47bd-a982-77f5e46f5048&response_mode=query&response_type=code&scope=openid Message: The resource https://statics-account.gympass.com/assets/fonts/Inter/Inter-SemiBold.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3Dirauriyogqvd%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Dlatam-br_b2c_raffle-2024_______0924%26af_channel%3Demail%26utm_term%3Dgrowth-Email-04%26c%3Dfirst_purchase&state=4e600092-ae72-47bd-a982-77f5e46f5048&response_mode=query&response_type=code&scope=openid Message: The resource https://statics-account.gympass.com/assets/fonts/Inter/Inter-Bold.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .survicate-cdn.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com .survicate-cdn.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com .survicate.com; font-src 'self' fonts.gstatic.com .survicate.com .survicate-cdn.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net .survicate.com .survicate-cdn.com images.unsplash.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ablink.mail.wellhub.com
browser.sentry-cdn.com
cdn.optimizely.com
gympass.onelink.me
identity.gympass.com
js.sentry-cdn.com
o4504963224764416.ingest.sentry.io
plan-management.gympass.com
statics-account.gympass.com
survey.survicate.com
surveys-static.survicate.com
www.google.com
www.gstatic.com
o4504963224764416.ingest.sentry.io
plan-management.gympass.com
13.225.78.2
142.250.185.196
142.250.186.35
18.173.205.63
2400:52e0:1e00::1079:1
2400:52e0:1e00::1081:1
2600:9000:237d:2c00:18:718f:f780:93a1
2600:9000:26da:4200:1e:dcb6:d040:93a1
2606:4700::6812:4239
2a04:4e42:200::729
34.120.195.249
52.222.236.27
0b7babfd21c7b68ad33fb05a8efcb81287001aa574792b67058a8ab849a70418
1212efdbc0918a0495939c2b0c4e6abfc09e29cd11b93ab225e863af2b5a95d2
135dea7ef027b03946ac08f5e4f9c3d39d6821dbd54466afdda3fddde44777c6
1365972254748c92191312089162bb0449aa84c644570f0cf5148617f50ee5fc
1add0f64809ab1da27412a9ab523cd7430c3a8b602655d98f70e574d7e4f3092
220976705fbec109f43c5cfdceca639e99ace7e51f3eb67292b105d3575eb39b
2688713625475bd3bb2b2bbaa6d9fe204b6b726f5bf3efd0d3a5497e5f60ca3f
35f33a00d0dff833d93ed972f14cbde6dcf9890f7771b4dced36b88625f8bdc7
4207d62d7276da8cd602cb8c4223e53b080923ac9bea36a1ad2949068ba87d6f
4217359f397700540edf53ad297b3b8dfc00933dc0763d5cabeafb6e12882ede
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44a86d3de5f2328789646f288cc9e679bc60b386473d92d4c977ac77af53a70c
510e32df5b6336de42dd6f2f05e3925a3710e959f2607048029e4fa0803f385f
52d8ddb23163eafbdd89a29b93088c5be2cf2fa4fd4797b15bc049f14915d213
564a185c158672e29f4f3d5363fe6422c1d2ebb649342a1f94404f869f1f586d
5abe2a12140edf2387d5be35225df3caa4f0f0a05d8f5614008c8cc90af4a156
5c9e3816dab4271fddbd5a4e2e04c6cf6577867ed35308441d3c66c0bafaa8e4
5e36a70ec67d627cabfa08c3bb695b0ff8c914dd28ab9198282f784bc3f17da0
686128365fca0e3963a7e4b4064ec01cfeee9bc6356bebf109231caddfd0e427
6868614870d1002e1d5b6d07549215adace6af6f5072e394cd70777f8055a70a
789e8685a564e07274fec164118e89fa040ff2779c6efe3d781b94aeea6f06eb
7b146c3101d495f5e6deaa9ad5ee4c9aea83317a97cfb7c554fd3d6d3562d0b7
7b553a24c4dd9c2721e0f7727248e0dd0b6e34308afe4a0873931e793b6c7b70
804c7c73e1ef549a8d6f15d5d55a93eab49812b0e2ebd87a8d95f0d8c7d3a80d
83ddf53cffe04b61c96a98a130c5fe418655d776a88071fbbf2df351545d06b5
8458f8afa67b5691c1fcbe51607a2dafb53a9839e48131c608a186b65415d96d
87ef710528a85f4b0460bf80267ed86ea94fdc159781a671a211d7c3fcef53f2
88720ddf944a88dad1df1a3f52bb88232d4cfe01180808074f7f8663ee40379a
8b93ca3a934272becda5210d99402df3504c8c477eaf45fc9f0d8cdd9f4a1e1a
8e52a861dc26ff4608c50bd7ff89b65d0d6216a2afe7b47ce5d84544811ca400
8fe7d7be43cafdca862870fa7d0ee1c5ca53a66db3f09ebd0cbb7044a015849f
90275db647cd06dd41e3605624992b11d3223f4a864fc1ec6ce17448a6756bbd
9276c1455a0915978db7512b0412d13983970a27002cb31fd4e8f434681abf53
98023dd780794f5f7f580bb0e8ca24591bc45f44f31c2c39bfd146c1d104cc4f
a11f5c920310ada752a6de2ffa28df11b348c96238117069cf5e4edb6159d0ab
abad031efd28350819daa36a6fd339176845f8c5364cae98e82059d96a7d1911
b6f9db9e45be20f3c1312c97fbee7ec36b7d8280f8caa4d53c9ba0408cc9997a
c08654e9ff0f610b4c5dde1f8ff5c67f53330c84ddd10ecc480fa231ff26cf0f
dd20cb1f11446576f85f631a9bace7591031c6fd06957ef1ccafcf637c627210
e3e985f5df9224b3a4902e6efdfdc070c1fadee5f5dad5d365de7d81c15f23c6
e589c3d302a4e3f8f21140fda9d1218766f536cf43291f02dec081bd818545e9
ecfd31bc10a01aaf1dbe66af6830ac97a96d7701746481a950f85f96953fac0e
f2aeafe9eb63656f5c0cd803fbc74148edba5894a78b4a20ff93e775d97df2a5
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fd97c8e0bce3f85ed136ccae5b0dce9604f254ec2b7c2c8bae37f112548ca0e6

identity.gympass.com Open in urlscan Pro 52.222.236.27 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

58 Requests

97 %HTTPS

50 %IPv6

9 Domains

13 Subdomains

11 IPs

2 Countries

2505 kBTransfer

4891 kBSize

5 Cookies

5 Outgoing links

Page URL History

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

identity.gympass.com Open in urlscan Pro
52.222.236.27 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

97 %
HTTPS

50 %
IPv6

9
Domains

13
Subdomains

11
IPs

2
Countries

2505 kB
Transfer

4891 kB
Size

5
Cookies

58 HTTP transactions
0 data transactions